ID: 582191 Sample Name: 2022 NCAA Bracket Pool.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 08:33:49 Date: 03/03/2022 Version: 34.0.0 Boulder Opal
Table of Contents
Windows Analysis Report 2022 NCAA Bracket Pool.docx
Overview
General Information
Detection
Signatures
Classification
Process Tree
Malware Configuration
Yara Signatures
Sigma Signatures
Joe Sandbox Signatures
Mitre Att&ck Matrix
Behavior Graph
Screenshots
Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Domains and IPs
Contacted Domains
Contacted URLs
URLs from Memory and Binaries
World Map of Contacted IPs
Public IPs
Private
General Information
Warnings
Simulations
Behavior and APIs
Joe Sandbox View / Context
IPs
Domains
ASNs
JA3 Fingerprints
Dropped Files
Created / dropped Files
Copyright Joe Security LLC 2022 Page 2 of 135
Static File Info
General
File Icon
Network Behavior
Network Port Distribution
TCP Packets
UDP Packets
DNS Queries
DNS Answers
HTTP Request Dependency Graph
HTTPS Proxied Packets
Statistics
Behavior
System Behavior
Analysis Process: WINWORD.EXE PID: 3076, Parent PID: 744
General
File Activities
Registry Activities
Key Created
Key Value Created
Key Value Modified
Analysis Process: chrome.exe PID: 6792, Parent PID: 3088
General
File Activities
Registry Activities
Key Value Modified
Analysis Process: chrome.exe PID: 3016, Parent PID: 6792
General
File Activities
Disassembly
Windows Analysis Report 2022 NCAA Bracket Pool.docx
Overview
General Information
Sample Name: 2022 NCAA Bracket Pool.docx
Analysis ID: 582191
MD5: d824fffc39c7c5c…
SHA1: 67f52329a27945…
SHA256: a41abb8c7636e8…
Tags: doc docx
Infos:
Detection
Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
Potential document exploit detected…
Found iframes
No HTML title found
JA3 SSL client fingerprint seen in co…
Potential document exploit detected…
HTML body contains low number of …
Potential document exploit detected…
IP address seen in connection with …
Classification
[Figure: classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale levels: clean, suspicious, malicious.]
Process Tree
System is w10x64
WINWORD.EXE (PID: 3076 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
chrome.exe (PID: 6792 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022 MD5: C139654B5C1438A95B321BB01AD63EF6)
chrome.exe (PID: 3016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,3357430085027574762,3772695428950719861,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
cleanup
Malware Configuration
⊘ No configs have been found
Yara Signatures
⊘ No yara matches
Sigma Signatures
⊘ No Sigma rule has matched
Joe Sandbox Signatures
There are no malicious signatures.
Mitre Att&ck Matrix
Initial Access: 1 Drive-by Compromise; Default Accounts; Domain Accounts; Local Accounts
Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: 3 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 File and Directory Discovery; 2 System Information Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud
Behavior Graph
ID: 582191
Sample: 2022 NCAA Bracket Pool.docx
Startdate: 03/03/2022
Architecture: WINDOWS
Score: 4
www.officefootballpool.com officefootballpool.com
chrome.exe 15 465 started
WINWORD.EXE 39 33 started
192.168.2.1 unknown unknown
192.168.2.30 unknown unknown
239.255.255.250 unknown Reserved
C:\...\pnacl_public_x86_64_pnacl_sz_nexe, ELF dropped
C:\...\pnacl_public_x86_64_pnacl_llc_nexe, ELF dropped
C:\Users\user\...\pnacl_public_x86_64_ld_nexe, ELF dropped
chrome.exe 38 started
officefootballpool.com 208.42.248.224, 443, 49752, 49753 LATISYS-DENVERUS United States
www-googletagmanager.l.google.com 142.250.181.232, 443, 49786, 53617 GOOGLEUS United States
14 other IPs or domains
Legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source Detection Scanner Label Link
2022 NCAA Bracket Pool.docx 0% Virustotal Browse
2022 NCAA Bracket Pool.docx 0% ReversingLabs
Dropped Files
Source Detection Scanner Label Link
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe 0% Virustotal Browse
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe 0% Metadefender Browse
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe 0% ReversingLabs
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe 0% Virustotal Browse
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe 0% Metadefender Browse
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe 0% ReversingLabs
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe 0% Virustotal Browse
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe 0% Metadefender Browse
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe 0% ReversingLabs
Unpacked PE Files
⊘ No Antivirus matches
Domains
⊘ No Antivirus matches
URLs
Source Detection Scanner Label Link
https://cdn.entity. 0% URL Reputation safe
https://rpsticket.partnerservices.getmicrosoftkey.com 0% URL Reputation safe
https://api.aadrm.com/ 0% URL Reputation safe
https://res.getmicrosoftkey.com/api/redemptionevents 0% URL Reputation safe
https://officeci.azurewebsites.net/api/ 0% URL Reputation safe
https://store.office.cn/addinstemplate 0% URL Reputation safe
https://www.odwebp.svc.ms 0% URL Reputation safe
https://api.addins.store.officeppe.com/addinstemplate 0% URL Reputation safe
https://ncus.contentsync. 0% URL Reputation safe
https://wus2.contentsync. 0% URL Reputation safe
https://skyapi.live.net/Activity/ 0% URL Reputation safe
https://api.cortana.ai 0% URL Reputation safe
https://staging.cortana.ai 0% URL Reputation safe
https://wus2.pagecontentsync. 0% URL Reputation safe
https://cortana.ai/api 0% URL Reputation safe
https://roaming.edog. 0% URL Reputation safe
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
stackpath.bootstrapcdn.com 104.18.10.207 true false high
gstaticadssl.l.google.com 142.250.185.195 true false high
a.nel.cloudflare.com 35.190.80.1 true false high
accounts.google.com 172.217.23.109 true false high
www-google-analytics.l.google.com 142.250.185.110 true false high
cdnjs.cloudflare.com 104.16.18.94 true false high
www-googletagmanager.l.google.com 142.250.181.232 true false high
officefootballpool.com 208.42.248.224 true false high
clients.l.google.com 142.250.185.142 true false high
googlehosted.l.googleusercontent.com 142.250.186.65 true false high
clients2.googleusercontent.com unknown unknown false high
www.officefootballpool.com unknown unknown false high
clients2.google.com unknown unknown false high
code.jquery.com unknown unknown false high
www.clickcease.com unknown unknown false high
Contacted URLs
Name Malicious Antivirus Detection Reputation
https://www.officefootballpool.com/include/fontawesome-pro/webfonts/fa-brands-400.woff2 false high
https://www.officefootballpool.com/include/fontawesome-pro/css/all.css false high
https://www.officefootballpool.com/include/documentReady-v6.js?v=24 false high
https://www.officefootballpool.com/menubar/mainmenu_0_tp.xml?v=32 false high
https://www.officefootballpool.com/include/bootstrapofpv3.css false high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js false high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 false high
https://www.officefootballpool.com/themes/theme-0-1/ofpLogoText.svg?v=3 false high
https://www.officefootballpool.com/include/start-a-pool-v2.css?v=63 false high
https://www.officefootballpool.com/include/joinpool.js?v=24 false high
https://www.officefootballpool.com/include/fixbootstrap.css?v=63 false high
https://www.officefootballpool.com/images/favicon.ico false high
https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022 false high
https://www.officefootballpool.com/themes/theme-0-1/styles.css?v=10 false high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard false high
https://www.officefootballpool.com/include/general-v46.js?v=24 false high
https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js false high
https://www.officefootballpool.com/themes/theme-0-1/ofpLogo.svg false high
https://www.officefootballpool.com/include/cardScript.js?v=24 false high
URLs from Memory and Binaries
Name Source Malicious Antivirus Detection Reputation
https://shell.suite.office.com:1443 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://autodiscover-s.outlook.com/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://cdn.entity. 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://rpsticket.partnerservices.getmicrosoftkey.com 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://easylist.to/) LICENSE.txt.7.dr false high
https://lookup.onenote.com/lookup/geolocation/v1 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://api.aadrm.com/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://api.microsoftstream.com/api/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://cr.office.com 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1 craw_window.js.7.dr false high
https://res.getmicrosoftkey.com/api/redemptionevents 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://tasks.office.com 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://officeci.azurewebsites.net/api/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://www.google.com/tools/feedback feedback_script.js.7.dr false high
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p craw_window.js.7.dr, craw_background.js.7.dr false high
https://store.office.cn/addinstemplate 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://payments.google.com/payments/v4/js/integrator.js craw_window.js.7.dr, manifest.json0.7.dr false high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://www.odwebp.svc.ms 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://api.powerbi.com/v1.0/myorg/groups 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://web.microsoftstream.com/video/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://api.addins.store.officeppe.com/addinstemplate 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://graph.windows.net 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://www.google.com/images/dot2.gif craw_window.js.7.dr false high
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://ncus.contentsync. 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
weather.service.msn.com/data.aspx 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://feedback.googleusercontent.com manifest.json3.7.dr false high
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://wus2.contentsync. 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://clients.config.office.net/user/v1.0/ios 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://www.google.com/images/cleardot.gif craw_window.js.7.dr false high
https://play.google.com 8196c716-6576-4d9c-b693-44ddae3afb47.tmp.8.dr, 0e241ac0-acc6-4364-aef1-82c82f109d23.tmp.8.dr false high
https://o365auditrealtimeingestion.manage.office.com 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://outlook.office365.com/api/v1.0/me/Activities 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://clients.config.office.net/user/v1.0/android/policies 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://entitlement.diagnostics.office.com 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://outlook.office.com/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://accounts.google.com/MergeSession craw_window.js.7.dr false high
https://storage.live.com/clientlogs/uploadlocation 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://substrate.office.com/search/api/v1/SearchHistory 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket20222%Join History Provider Cache.7.dr false high
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://graph.windows.net/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://apis.google.com 8196c716-6576-4d9c-b693-44ddae3afb47.tmp.8.dr, manifest.json3.7.dr, 0e241ac0-acc6-4364-aef1-82c82f109d23.tmp.8.dr false high
https://devnull.onenote.com 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://messaging.office.com/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://skyapi.live.net/Activity/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://www.google.com/intl/en-US/chrome/blank.html craw_background.js.7.dr false high
https://api.cortana.ai 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://visio.uservoice.com/forums/368202-visio-on-devices 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://staging.cortana.ai 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://onedrive.live.com/embed? 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://augloop.office.com 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git pnacl_public_x86_64_crtbegin_for_eh_o.7.dr false high
https://api.diagnosticssdf.office.com/v2/file 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://api.diagnostics.office.com 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://store.office.de/addinstemplate 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://wus2.pagecontentsync. 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://api.powerbi.com/v1.0/myorg/datasets 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://cortana.ai/api 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://support.google.com/chromecast/answer/2998456 messages.json32.7.dr, messages.json34.7.dr, feedback.html.7.dr, messages.json31.7.dr, messages.json73.7.dr, messages.json61.7.dr, messages.json79.7.dr, messages.json80.7.dr, messages.json76.7.dr, messages.json0.7.dr, messages.json71.7.dr, messages.json85.7.dr, messages.json67.7.dr, messages.json46.7.dr, messages.json49.7.dr, messages.json72.7.dr, messages.json50.7.dr, messages.json5.7.dr, messages.json70.7.dr, messages.json58.7.dr, messages.json60.7.dr false high
https://clients2.googleusercontent.com 8196c716-6576-4d9c-b693-44ddae3afb47.tmp.8.dr, 0e241ac0-acc6-4364-aef1-82c82f109d23.tmp.8.dr false high
https://chromium.googlesource.com/a/native_client/pnacl-clang.git pnacl_public_x86_64_crtbegin_for_eh_o.7.dr false high
https://clients2.google.com/service/update2/crx manifest.json.7.dr, manifest.json3.7.dr, manifest.json0.7.dr false high
https://api.diagnosticssdf.office.com 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://login.microsoftonline.com/ 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022i thumbnail.emf false high
https://roaming.edog. 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false URL Reputation: safe unknown
https://api.addins.omex.office.net/appinfo/query 1B1F1FA2-4480-408A-AA09-8E599A0521EE.0.dr false high
No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs
World Map of Contacted IPs
Public IPs
Copyright Joe Security LLC 2022 Page 12 of 135
IP Domain Country Flag ASN ASN Name Malicious
104.18.10.207 stackpath.bootstrapcdn.com
United States 13335 CLOUDFLARENETUS false
172.217.23.109 accounts.google.com United States 15169 GOOGLEUS false
142.250.181.232 www-googletagmanager.l.google.com
United States 15169 GOOGLEUS false
142.250.185.142 clients.l.google.com United States 15169 GOOGLEUS false
35.190.80.1 a.nel.cloudflare.com United States 15169 GOOGLEUS false
104.16.18.94 cdnjs.cloudflare.com United States 13335 CLOUDFLARENETUS false
142.250.185.110 www-google-analytics.l.google.com
United States 15169 GOOGLEUS false
208.42.248.224 officefootballpool.com United States 29863 LATISYS-DENVERUS false
239.255.255.250 unknown Reserved unknown unknown false
142.250.185.195 gstaticadssl.l.google.com United States 15169 GOOGLEUS false
142.250.186.65 googlehosted.l.googleusercontent.com
United States 15169 GOOGLEUS false
IP
192.168.2.1
192.168.2.30
127.0.0.1
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 582191
Start date: 03.03.2022
Start time: 08:33:49
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 4s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: 2022 NCAA Bracket Pool.docx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean4.winDOCX@35/221@10/14
EGA Information: Failed
HDC Information: Failed
HCA Information: Successful, ratio: 100%
Number of executed functions: 0
Number of non-executed functions: 0
Private
General Information
Cookbook Comments:
Adjust boot time
Enable AMSI
Found application associated with file extension: .docx
Found Word or Excel or PowerPoint or XPS Viewer
Attach to Office via COM
Browse link: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
Scroll down
Close Viewer
Browse: https://www.officefootballpool.com/pools.cfm?p=2
Browse: https://www.officefootballpool.com/pools.cfm?p=2&canceljoin=1
Warnings
Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 52.109.76.68, 52.109.76.36, 52.109.8.23, 142.250.185.78, 173.194.187.166, 173.194.187.6, 69.16.175.10, 69.16.175.42, 142.250.181.234, 142.250.185.67, 188.114.97.7, 188.114.96.7, 172.217.23.106, 142.250.184.195, 142.250.186.42, 142.250.186.74, 142.250.186.106, 142.250.186.138, 142.250.186.170, 172.217.18.106, 142.250.184.202, 216.58.212.138, 142.250.185.74, 142.250.185.106, 142.250.185.138, 142.250.185.170, 142.250.185.202, 142.250.185.234, 142.250.184.234, 74.125.162.41, 173.194.187.42
Excluded domains from analysis (whitelisted): r1---sn-4g5e6ns6.gvt1.com, cds.s5x3j6q5.hwcdn.net, r4---sn-4g5lznek.gvt1.com, prod-w.nexus.live.com.akadns.net, r1.sn-4g5e6nz7.gvt1.com, clientservices.googleapis.com, arc.msn.com, redirector.gvt1.com, www.googletagmanager.com, r5---sn-4g5lzney.gvt1.com, www.clickcease.com.cdn.cloudflare.net, update.googleapis.com, nexus.officeapps.live.com, displaycatalog.mp.microsoft.com, officeclient.microsoft.com, r5---sn-4g5e6nsd.gvt1.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, www.google-analytics.com, fonts.googleapis.com, content-autofill.googleapis.com, r1---sn-4g5e6nz7.gvt1.com, fonts.gstatic.com, prod.configsvc1.live.com.akadns.net, r1.sn-4g5e6ns6.gvt1.com, ctldl.windowsupdate.com, r5.sn-4g5e6nsd.gvt1.com, www.googleapis.com, r4.sn-4g5lznek.gvt1.com, ris.api.iris.microsoft.com, config.officeapps.live.com, r1---sn-4g5e6ns7.gvt1.com, r3---sn-4g5lzner.gvt1.com, europe.configsvc1.live.com.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Simulations
Behavior and APIs
⊘ No simulations
Joe Sandbox View / Context
IPs
⊘ No context
Domains
⊘ No context
ASNs
⊘ No context
JA3 Fingerprints
⊘ No context
Dropped Files
⊘ No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 451603
Entropy (8bit): 5.009711072558331
Encrypted: false
SSDEEP: 12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5: A78AD14E77147E7DE3647E61964C0335
SHA1: CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256: 0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512: DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious: false
Reputation: high, very likely benign file
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 92724
Entropy (8bit): 3.7463741497991445
Encrypted: false
SSDEEP: 384:Pn8xSlaC83pY8beFNyrnvmO3Ve0pHkdGJwrbISkxVY4IrrTimvUr4y2eVOQ0mNL2:3GJhikl9QeP0ecE3D2uKMOWBK
MD5: 959252D66E2AF051E40B1DC03EC6BE23
SHA1: 6879102BA33F6192F750BB8A5320E8378E2B36F0
SHA-256: 90103AA2666FD9B80A123428FE9EB97299D43CE08C72136BD3F67F8663D85360
SHA-512: D4E7C5A399E4002937BDBFA46A7F16B40E57CC14DF6ED12FDE94142800A8BD7A29D0DDC0B67F6764D6733AE1BCA5095F522DA21A3B124F2617C0C39BE4F0350B
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 190807
Entropy (8bit): 6.045264396408203
Encrypted: false
SSDEEP: 3072:YR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:lP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 41AC0960E45708A07A40EF7EA4D9C4F1
SHA1: 62144BEFC0E648CB33AF2AD33C4B068117A9D8D2
SHA-256: 6346C31985C614D490347751838E57C242A125250740856D5B9163CDD11DED59
SHA-512: 7EAE6DD9079A7670F886EAC50001042DC8AEBBBC0767405F54311602CD5E69C91351D86ACEC9D845A6EBF8FFA807F7ACBDDB26CCC08A869BE5BA4C6F624CAC09
Malicious: false
Reputation: low
Created / dropped Files
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
C:\Users\user\AppData\Local\Google\Chrome\User Data\1f8a7b86-571d-4f4a-9ddb-de291fbc0399.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\24d331dc-a172-4f2c-a19a-63b7b907ed63.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 190807
Entropy (8bit): 6.045264427420573
Encrypted: false
SSDEEP: 3072:fR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:6P+syZ4H+1EljaqfIlUOoSiuRL
MD5: 8C739D197C1F5B18C830CFA4BB16D158
SHA1: B3C3899CBACFAA5E8366E8482D8E4EB2BAC61666
SHA-256: AE8BD27D2E0592747463BDB65E5927D6C8DBDD5BD573DEA69424BC0E18511020
SHA-512: 4BF422134AC6C4A44EC969535755443078A3D192D7520D6A00A25F34ECCCC53285536D9DA3F04F98C57DA181A077794B1A17CAA37FE65BB5935A32FCDCA2CA75
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 199271
Entropy (8bit): 6.074058193036547
Encrypted: false
SSDEEP: 3072:wXUR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:wZP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 82CFA5A1254F07293823F8A41435D7CD
SHA1: FB9B5D71F90B5AF53F35FD55FC7504575452C6F5
SHA-256: 348487317FCE8AD0428213588EBFC173D0135F955DE96FE3F5087EC46148AF25
SHA-512: 49D9AD0C16EC62A09E8BE23AA8EBE9FD30386339832E011AEBD8C0BA16B6E10D241A4727A92E444161E4AD603832081091C3D67B63A94D465DE9413CFD2BCB9C
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 190901
Entropy (8bit): 6.045530257371815
Encrypted: false
SSDEEP: 3072:QR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:dP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 392EFC2FC3ADE954A108590D469CE791
SHA1: 1638B8E87BA653F27C8E0EC1F2EB08BC7DB20D17
SHA-256: 6CCCAB41FA97E9B05E8073A71926BD7B5E34B64BAE454AA1D9DDCC018E2682DE
C:\Users\user\AppData\Local\Google\Chrome\User Data\27305238-52e1-4385-829b-e2585c9eb22e.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\2a55cf5b-0ac4-4652-81ce-32218e7007a9.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\3904b8f2-82f6-47de-8a75-0f70aa583b26.tmp
SHA-512: BEF108A069F59EB5AE5B795E97BBC9C859A2A00DAB78540A1158C2518C4DD5721902C51452F2B669D1933E5CEE75811A2AA67F12217A2F0A7AF9C5174F9F28FA
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 191005
Entropy (8bit): 6.045820787679813
Encrypted: false
SSDEEP: 3072:XR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:yP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 4114E3E18F05781E0D0AD5179F053A17
SHA1: C29755449136F026BB670BC2660AE9EC76CB8464
SHA-256: A050BE59BE202463A977EB6975AFAEAEFF7D21B72D7B45406C5545B62E5DB25C
SHA-512: 7FCC13F524DDA8868608C22294AFA2ACA5DA298D8ACD19CF16CB887A013F400A4CA79E07916A734FB76E6CCA468DF99EDB9BA10824669F4AF76D512D9E4B9BC1
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 190901
Entropy (8bit): 6.045530790090492
Encrypted: false
SSDEEP: 3072:LR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:uP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 1959FE0F7429A10028804F300A0E9E7D
SHA1: 7CBDF3A635F7EC0006B2E85D4A7DAE18964FB4C7
SHA-256: 18FFE3EE985F4463EF43D2545FA597E77FBA5444017DB0B944924B550C7E882A
SHA-512: 5E132B89A620F6FB97064ED25F9FFF6853E39156AE352C3003E689D9582CF5601EDAD7E683F77577F43DBCEDF7A45D6526D013720060C1FD783EA8C8C24E5E14
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 199271
Entropy (8bit): 6.0740584822478105
Encrypted: false
SSDEEP: 3072:wXUR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:wZP+syZ4H+1EljaqfIlUOoSiuRL
C:\Users\user\AppData\Local\Google\Chrome\User Data\5af96e48-7a06-41e2-b40d-9359bc39b2e0.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\625a408e-6401-430c-98f5-c95c7674dd83.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\9a118410-2194-4f17-85d0-850c1b3dc863.tmp
MD5: 5F3029AA7CBF2F0AB25164449C628277
SHA1: FD47F41C59529D6F6653774E13D289FE1AF5FF0E
SHA-256: 5270FB0078BB177F793D6E9060193DC4A69F4544168103776A2635F978836DE7
SHA-512: 49E798A4C0793DCAD7DA954E2023AA5783EB30BD2E07EEC867E08207BAF631C64A1D4CDEBE18DA6B370AF82828AD6C7142A9605439FFAEE0A441225D547B3DE8
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 40
Entropy (8bit): 3.254162526001658
Encrypted: false
SSDEEP: 3:FkXft0xE1n:+ftIE1n
MD5: BD4642AD6C750A12D912B20BCB92E14D
SHA1: C549F0F48FDD4FBC62E51AC26D7E185160CE2123
SHA-256: 4FD71FE78DFE203137C89C9FB0734358FF432F2BC83338112DC7B830F9B30F2C
SHA-512: 04410D12EF327614C3AF1251C9906BFEB2977211A7F53CBB08A8C01F9465A382CD001E51AB936A0D196D359F1DECDDAEAF5E7D1DBD49CE5F4FF91BF5C332B6CF
Malicious: false
Reputation: moderate, very likely benign file
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 23157
Entropy (8bit): 5.530441498917883
Encrypted: false
SSDEEP: 384:kbStULl9RX21kXqKf/pUZNCgVLH2HfDfrUmHGhnTJlPK4E:mLlv21kXqKf/pUZNCgVLH2Hf7rUGGhnK
MD5: A952BB9D9AE899131B6B1B4FE8451B19
SHA1: 6CB25AE66C741E965C2FAEF1D35EE7AE2DB04A5B
SHA-256: 8681DA40D96FB939EAA1E0A6EF2391A72F817A2FC6150C790161E2944B588669
SHA-512: 5BF11F7B110211637BA7CA74F4D8B0DC1EB3559CB28AFA19FAAE60F840CBDB1FBA5237675AED7F998C83E8FCDB856BD618DFEC94540DD00EC85C9AA32C16A626
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 4219
Entropy (8bit): 4.871684703914691
Encrypted: false
SSDEEP: 48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5: EDC4A4E22003A711AEF67FAED28DB603
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\09b19449-6951-48be-b79f-fef1ab200159.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0e241ac0-acc6-4364-aef1-82c82f109d23.tmp
SHA1: 977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256: DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512: 84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 17514
Entropy (8bit): 5.573209789664265
Encrypted: false
SSDEEP: 384:kbStULl9RX21kXqKf/pUZNCgVLH2HfDfrUVAK44:mLlv21kXqKf/pUZNCgVLH2Hf7rUuKD
MD5: 0626CC0F7C2B8AE4F71697B3083E4B25
SHA1: 61BE1F162FD6A647D9987582D81FA12F68DAC294
SHA-256: 8EBAAFBF6F8A64D4CCDE3FBAD6FD580D52F47A65A31BF1A939CFA2B7C2504084
SHA-512: 786BD722283929BBED864967BCBC76335B0620E07E1675BD030EB31193A7ECC30997D19C952A35C79D669E2A18DFCF2313FDB1DFD9AA685C1A4C4EB6393ED654
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 5820
Entropy (8bit): 5.193606813340581
Encrypted: false
SSDEEP: 96:nsCJ3MS9T+2cKIYok0JCKL8FqkQjTbOTQVuwn:nsC19fcV4KLkQr
MD5: DF81AA39B75252D43F258E40264CFE9C
SHA1: 827A8B27F1705C3DFAD49799BA14BAD6E5CB9573
SHA-256: 18C120F916E9E3C642123331749E0EF716C794DF0492AF1B23ECE9FDE774133C
SHA-512: 70F231CBF9D4CD7B058700C6C5A93A177F60B7D6E58E7BFFD2A269A6A29DCEB6A3228F63A957079903D5BB6C201BC49AD9033488C689B1E24E5B3FF7552F2D8E
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 17513
Entropy (8bit): 5.573383810999145
Encrypted: false
SSDEEP: 384:kbStlLl9RX21kXqKf/pUZNCgVLH2HfDfrUfAK4Q:/Llv21kXqKf/pUZNCgVLH2Hf7rU4Kf
MD5: A2DF2B7FA030C8AA7A72A8F926B6A609
SHA1: 74C63316CF88F13F2336769A67C17592773864AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0f18da85-ac1b-4e69-b070-e9e926b9a917.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2806e168-28cb-4dc0-a585-2aadee644383.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\48c41bd9-ee75-4a0c-ba25-a5d562b48b37.tmp
SHA-256: 675D428F6E577A640905AB5440634664BFC02F3729E0ECDCB7B7528556AB0F40
SHA-512: 27671D9D8452E9687D61D4C6B33C9D14CD3465E137E3AE77339008059FF4F1DD0B6972E8D15090FEC1E634C9741E672AB41E62068ABACF0E0DEB637DBDCCC95E
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 5199
Entropy (8bit): 4.984709665844545
Encrypted: false
SSDEEP: 96:nsCJTS9pcKIYok0JCKL8Ik91WbOTQVuwn:nsC09pcV4Knk9W
MD5: CBED4A339C01649AA4E1AF5ABB13E709
SHA1: 7F73FA266182B3BDD99027FEE8D6A0C8A7CB88E5
SHA-256: 0D94A2ABBBAD887CD57DA9D06343EF2DCD01F56FCF339C0F2894C14DA922E87D
SHA-512: 00448F3CAE84F406CE40396D9530F70BE915590D65004FDB796744E9235921DADA3F63517997BAF43DD5CA1738466986C67CF2223611615A2498A82EA92D397D
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 19603
Entropy (8bit): 5.560182443398202
Encrypted: false
SSDEEP: 384:kbStULl9RX21kXqKf/pUZNCgVLH2HfDfrUmHG1OK4hc:mLlv21kXqKf/pUZNCgVLH2Hf7rUGGAKp
MD5: 2CA68322477AFE9AF291979AE0FA3F04
SHA1: 2C539F2AA93EC6289C8558ABC711197671B70989
SHA-256: 22AEC08E94FE8D496BC61F4296DFD11B2D1630245FE6B4B83A4FEB0ABE749CB7
SHA-512: BD83D2AFEA136BC3D0CF90AFCC1B3E0AC4CF8E8A128B9CC105F17A2BA8798B923B95BCD6704CC4AA90B4CF2CC56A6D43EC0FEB6D7B6355A827B251E7BF150A17
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 2868
Entropy (8bit): 4.903852340413388
Encrypted: false
SSDEEP: 48:Y2TntwXGDH3qz5siGsJRLs7PTjdsca/sA7s85s0MHSsnMH6sbMHp0KsktMHQfbD:JTnOXGDHazVfixa9hfGVGpGxGQfH
MD5: 92AE10345F0BE0A2E758EBB95F7E44A8
SHA1: 0DD734F7AEF06FA3C33114D2A3D7F3309A42215D
SHA-256: C25CD128446475F93852E5F53FF43CE1D825B15142AD018BA7C86E343B2D24D8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6393ee2c-430a-4112-8889-918b78171fb4.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\727e9068-8d58-4927-a4f8-196262968a71.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8196c716-6576-4d9c-b693-44ddae3afb47.tmp
SHA-512: 54DD5054EF42F5C1394DE8CE2A3781EC63B4D353D42C14BD788866701CCD8428D764703804B29E25470FDDA6870D944700B62EF3B4BB795EE3D7847E68F3F5DE
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13293390927419018","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com"},{"alternative_service":[{"advertised_versions":[50],"expiration":"13293390927451468","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"al
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 5198
Entropy (8bit): 4.985023205496986
Encrypted: false
SSDEEP: 96:nsCJ3GS9pcKIYok0JCKL8FqkQjRbOTQVuwn:nsCH9pcV4KLkQd
MD5: 1D5613BCA668F5E5590CF409CF6C8C6D
SHA1: CF1582E1E26ADBB6ECA635291570D4F5FA697105
SHA-256: A55D5C3314E872955E26892A33EEFE19E85400D433C4AEC806959DD54B82ABD7
SHA-512: B27E385AA51A3BA8C2EE7A1CA5FB411BE12620BA7E621F53FE55164D13F84D0B7E9E232D9FB69B94198213B2754C9391F9C7C72F9FDEA4A3E5344874450B1863
Malicious: false
Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13290798926011231","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 11217
Entropy (8bit): 6.069602775336632
Encrypted: false
SSDEEP: 192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5: 90F880064A42B29CCFF51FE5425BF1A3
SHA1: 6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256: 965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512: D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 23474
Entropy (8bit): 6.059847580419268
Encrypted: false
SSDEEP: 384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5: 6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1: DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\94a574bc-4b20-4d9b-b474-bc387fbc21d3.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json
SHA-256: 03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512: B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 38
Entropy (8bit): 1.8784775129881184
Encrypted: false
SSDEEP: 3:FQxlXNQxlX:qTCT
MD5: 51A2CBB807F5085530DEC18E45CB8569
SHA1: 7AD88CD3DE5844C7FC269C4500228A630016AB5B
SHA-256: 1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
SHA-512: B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
Malicious: false
Preview: .f.5................f.5...............
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 372
Entropy (8bit): 5.237197509752902
Encrypted: false
SSDEEP: 6:m86XpLWXIq2PWXp+N23iKKdK25+Xqx8chI+IFUtqVN86XpLb1XZmwYVN86XpLSD6:opmIva5KkTXfchI3FUtipJ/Apa5f5KkI
MD5: E26FE2035C05617BC83156DE3399A8E7
SHA1: EF2BC0A2D3EAAACE81B683700EEFBFFF905AFB88
SHA-256: B12AE0EEBC99B2523300DD3B77CD059E037BD7F27E95D0AC49E61D44B7BE9F8D
SHA-512: 19E90779194CC4C4FC7C762CAC4BAAFF2E4212CB00081108B1D4252D81B1419872455FA0B66048E568EC25F2D23602A8C12605E36BEFAA6E91737D200EA032F9
Malicious: false
Preview: 2022/03/03-08:35:33.933 15b0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2022/03/03-08:35:33.936 15b0 Recovering log #3.2022/03/03-08:35:33.937 15b0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 372
Entropy (8bit): 5.237197509752902
Encrypted: false
SSDEEP: 6:m86XpLWXIq2PWXp+N23iKKdK25+Xqx8chI+IFUtqVN86XpLb1XZmwYVN86XpLSD6:opmIva5KkTXfchI3FUtipJ/Apa5f5KkI
MD5: E26FE2035C05617BC83156DE3399A8E7
SHA1: EF2BC0A2D3EAAACE81B683700EEFBFFF905AFB88
SHA-256: B12AE0EEBC99B2523300DD3B77CD059E037BD7F27E95D0AC49E61D44B7BE9F8D
SHA-512: 19E90779194CC4C4FC7C762CAC4BAAFF2E4212CB00081108B1D4252D81B1419872455FA0B66048E568EC25F2D23602A8C12605E36BEFAA6E91737D200EA032F9
Malicious: false
Preview: 2022/03/03-08:35:33.933 15b0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2022/03/03-08:35:33.936 15b0 Recovering log #3.2022/03/03-08:35:33.937 15b0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 1007
Entropy (8bit): 5.380968230152207
Encrypted: false
SSDEEP: 24:p0Fnvlvf1aH161OQdVOY78BJgskfa9yBDOxo7nQBrxzkoKbbKQ:pOvlvf1416ldV4U8JFH6B
MD5: DD471C7678A4A9E82BED37F6AB6716CD
SHA1: AF1918E3BC0CCB3790F5E7F0A0D740512CC26D4D
SHA-256: 41D5C5FFC53923AE14B8929EE2CEB10DC5D6ACA4E860197401857C2ED6790C40
SHA-512: B36A5C52B859E86FBD335DFFC81CEF3A60B2C5F4D06C6BEC3FE355735737E59EB26E3DDF804071E3A6E48C521D5089F397CAE85E00E25E09D0D65223599622A7
Malicious: false
Preview: ..........."......2..24147..bracket..bracket2022..cfm..com..https..join..my..named..officefootballpool..p..pick..pool..poolid..pools..pwd..the..www*........2......24147......bracket......bracket2022......cfm......com......https......join......my......named......officefootballpool......p......pick......pool......poolid......pools......pwd......the......www..2.........0........1........2..........4........7........a...........b..........c.............d..........e............f.........h.........i...........j........k..........l...........m...........n.........o.............p...............r.........s.........t............w.........y...:...............................................................................................................................................................................B............. .......*Mhttps://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket20222%Join My Pool named 'Pick-The-Bracket':...............J.............#)-4:<>B..
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 2868
Entropy (8bit): 4.903852340413388
Encrypted: false
SSDEEP: 48:Y2TntwXGDH3qz5siGsJRLs7PTjdsca/sA7s85s0MHSsnMH6sbMHp0KsktMHQfbD:JTnOXGDHazVfixa9hfGVGpGxGQfH
MD5: 92AE10345F0BE0A2E758EBB95F7E44A8
SHA1: 0DD734F7AEF06FA3C33114D2A3D7F3309A42215D
SHA-256: C25CD128446475F93852E5F53FF43CE1D825B15142AD018BA7C86E343B2D24D8
SHA-512: 54DD5054EF42F5C1394DE8CE2A3781EC63B4D353D42C14BD788866701CCD8428D764703804B29E25470FDDA6870D944700B62EF3B4BB795EE3D7847E68F3F5DE
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13293390927419018","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com"},{"alternative_service":[{"advertised_versions":[50],"expiration":"13293390927451468","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"al
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 4219
Entropy (8bit): 4.871684703914691
Encrypted: false
SSDEEP: 48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5: EDC4A4E22003A711AEF67FAED28DB603
SHA1: 977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256: DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512: 84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State._ (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State} (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
Category: dropped
Size (bytes): 5224
Entropy (8bit): 4.98905380476108
Encrypted: false
SSDEEP: 96:nsCJ3ZS9pcKIYok0JCKL8FqkQjTbOTQVuwn:nsCe9pcV4KLkQr
MD5: CEB301F46741F63A8F1E810196AD7333
SHA1: D6D3D59E8612457F803AFE4D329052FF2CA54778
SHA-256: C7EE623121D8A5E2DD1DB38F7667175718CA8468673F9F50A1544F9EB7FA0E31
SHA-512: 648FF0655024EB81D184438CC84E65058170CDED404CB976C60DAF46853D5731575E7866A410C9EF6B790C31297AF4ED23E7C7EE5EBEAFB7EA49F837A4B33C75
Malicious: false
Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13290798926011231","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 5821
Entropy (8bit): 5.193739482847474
Encrypted: false
SSDEEP: 96:nsCi3MS9T+2cKIYok0JCKL8FqkQjTbOTQVuwn:nsCk9fcV4KLkQr
MD5: 13A254D9FE44DC589AEC1AC22366BB12
SHA1: EFC4A3F27FAA39ED40382DF9B73246E5EF2452F3
SHA-256: 33CF7A4165A5474FAD5026AFABF8A815158653B8DEA6773AB476F3CB9D3608CA
SHA-512: 5D3F4BA5AF96CD191A4A261FBD7F2C1AC0C7FAD55544680792D9F7571F4DC4D18E59F6BA80D3A36EA8F6BC37E53EA02DFE31402119F5B2E49C317374172FFBE8
Malicious: false
Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13290798926011231","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0",
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 5820
Entropy (8bit): 5.193606813340581
Encrypted: false
SSDEEP: 96:nsCJ3MS9T+2cKIYok0JCKL8FqkQjTbOTQVuwn:nsC19fcV4KLkQr
MD5: DF81AA39B75252D43F258E40264CFE9C
SHA1: 827A8B27F1705C3DFAD49799BA14BAD6E5CB9573
SHA-256: 18C120F916E9E3C642123331749E0EF716C794DF0492AF1B23ECE9FDE774133C
SHA-512: 70F231CBF9D4CD7B058700C6C5A93A177F60B7D6E58E7BFFD2A269A6A29DCEB6A3228F63A957079903D5BB6C201BC49AD9033488C689B1E24E5B3FF7552F2D8E
Malicious: false
Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13290798926011231","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences. (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences.T (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences\ (copy)
Category: dropped
Size (bytes): 5199
Entropy (8bit): 4.984709665844545
Encrypted: false
SSDEEP: 96:nsCJTS9pcKIYok0JCKL8Ik91WbOTQVuwn:nsC09pcV4Knk9W
MD5: CBED4A339C01649AA4E1AF5ABB13E709
SHA1: 7F73FA266182B3BDD99027FEE8D6A0C8A7CB88E5
SHA-256: 0D94A2ABBBAD887CD57DA9D06343EF2DCD01F56FCF339C0F2894C14DA922E87D
SHA-512: 00448F3CAE84F406CE40396D9530F70BE915590D65004FDB796744E9235921DADA3F63517997BAF43DD5CA1738466986C67CF2223611615A2498A82EA92D397D
Malicious: false
Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13290798926011231","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 5198
Entropy (8bit): 4.985023205496986
Encrypted: false
SSDEEP: 96:nsCJ3GS9pcKIYok0JCKL8FqkQjRbOTQVuwn:nsCH9pcV4KLkQd
MD5: 1D5613BCA668F5E5590CF409CF6C8C6D
SHA1: CF1582E1E26ADBB6ECA635291570D4F5FA697105
SHA-256: A55D5C3314E872955E26892A33EEFE19E85400D433C4AEC806959DD54B82ABD7
SHA-512: B27E385AA51A3BA8C2EE7A1CA5FB411BE12620BA7E621F53FE55164D13F84D0B7E9E232D9FB69B94198213B2754C9391F9C7C72F9FDEA4A3E5344874450B1863
Malicious: false
Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13290798926011231","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 23157
Entropy (8bit): 5.530441498917883
Encrypted: false
SSDEEP: 384:kbStULl9RX21kXqKf/pUZNCgVLH2HfDfrUmHGhnTJlPK4E:mLlv21kXqKf/pUZNCgVLH2Hf7rUGGhnK
MD5: A952BB9D9AE899131B6B1B4FE8451B19
SHA1: 6CB25AE66C741E965C2FAEF1D35EE7AE2DB04A5B
SHA-256: 8681DA40D96FB939EAA1E0A6EF2391A72F817A2FC6150C790161E2944B588669
SHA-512: 5BF11F7B110211637BA7CA74F4D8B0DC1EB3559CB28AFA19FAAE60F840CBDB1FBA5237675AED7F998C83E8FCDB856BD618DFEC94540DD00EC85C9AA32C16A626
Malicious: false
Preview: {"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13290798925235250","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesj (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.. (copy)
Size (bytes): 17513
Entropy (8bit): 5.573383810999145
Encrypted: false
SSDEEP: 384:kbStlLl9RX21kXqKf/pUZNCgVLH2HfDfrUfAK4Q:/Llv21kXqKf/pUZNCgVLH2Hf7rU4Kf
MD5: A2DF2B7FA030C8AA7A72A8F926B6A609
SHA1: 74C63316CF88F13F2336769A67C17592773864AC
SHA-256: 675D428F6E577A640905AB5440634664BFC02F3729E0ECDCB7B7528556AB0F40
SHA-512: 27671D9D8452E9687D61D4C6B33C9D14CD3465E137E3AE77339008059FF4F1DD0B6972E8D15090FEC1E634C9741E672AB41E62068ABACF0E0DEB637DBDCCC95E
Malicious: false
Preview: {"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13290798925235250","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 19603
Entropy (8bit): 5.560182443398202
Encrypted: false
SSDEEP: 384:kbStULl9RX21kXqKf/pUZNCgVLH2HfDfrUmHG1OK4hc:mLlv21kXqKf/pUZNCgVLH2Hf7rUGGAKp
MD5: 2CA68322477AFE9AF291979AE0FA3F04
SHA1: 2C539F2AA93EC6289C8558ABC711197671B70989
SHA-256: 22AEC08E94FE8D496BC61F4296DFD11B2D1630245FE6B4B83A4FEB0ABE749CB7
SHA-512: BD83D2AFEA136BC3D0CF90AFCC1B3E0AC4CF8E8A128B9CC105F17A2BA8798B923B95BCD6704CC4AA90B4CF2CC56A6D43EC0FEB6D7B6355A827B251E7BF150A17
Malicious: false
Preview: {"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13290798925235250","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 17514
Entropy (8bit): 5.573209789664265
Encrypted: false
SSDEEP: 384:kbStULl9RX21kXqKf/pUZNCgVLH2HfDfrUVAK44:mLlv21kXqKf/pUZNCgVLH2Hf7rUuKD
MD5: 0626CC0F7C2B8AE4F71697B3083E4B25
SHA1: 61BE1F162FD6A647D9987582D81FA12F68DAC294
SHA-256: 8EBAAFBF6F8A64D4CCDE3FBAD6FD580D52F47A65A31BF1A939CFA2B7C2504084
SHA-512: 786BD722283929BBED864967BCBC76335B0620E07E1675BD030EB31193A7ECC30997D19C952A35C79D669E2A18DFCF2313FDB1DFD9AA685C1A4C4EB6393ED654
Malicious: false
Preview: {"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13290798925235250","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences/ (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencese (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesjs (copy)
Category: dropped
Size (bytes): 19604
Entropy (8bit): 5.560220792575324
Encrypted: false
SSDEEP: 384:kbStULl9RX21kXqKf/pUZNCgVLH2HfDfrUmHGilhK4O:mLlv21kXqKf/pUZNCgVLH2Hf7rUGGyKt
MD5: 45F27C9A96BE375E51292F0D5C8F598B
SHA1: 3307833013CD8BF0E316ECD083DC69D78912A3ED
SHA-256: A368D8FE820F0AB813B315CAB2B0565163B682451F005CD391437048D69E8ED6
SHA-512: 1134FFC1390E61029019EE0A233149C925C800F3DD68CA0BC6C1B018EA89602BF8F8B298AA725B20FEE4906F76A7DE3F1F5F979741964262C955C7F979610C4D
Malicious: false
Preview: {"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13290798925235250","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 420
Entropy (8bit): 4.985305467053914
Encrypted: false
SSDEEP: 6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5: C401B619D9D8E0ADABC25A47EE49CFBA
SHA1: C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256: 8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512: BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 270336
Entropy (8bit): 0.0012471779557650352
Encrypted: false
SSDEEP: 3:MsEllllkEthXllkl2zE:/M/xT02z
MD5: F50F89A0A91564D0B8A211F8921AA7DE
SHA1: 112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256: B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512: BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 420
Entropy (8bit): 4.985305467053914
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\6038690d-c704-498f-8e64-1a05e9d54867.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State.. (copy)
Encrypted: false
SSDEEP: 6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5: C401B619D9D8E0ADABC25A47EE49CFBA
SHA1: C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256: 8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512: BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: modified
Size (bytes): 420
Entropy (8bit): 4.954960881489904
Encrypted: false
SSDEEP: 12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5: F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1: 00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256: D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
SHA-512: 41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 270336
Entropy (8bit): 0.0012471779557650352
Encrypted: false
SSDEEP: 3:MsEllllkEthXllkl2zE:/M/xT02z
MD5: F50F89A0A91564D0B8A211F8921AA7DE
SHA1: 112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256: B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512: BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 420
Entropy (8bit): 4.954960881489904
Encrypted: false
SSDEEP: 12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5: F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1: 00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256: D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\73f94b64-5a03-434e-b867-53da0d72a7ec.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State.. (copy)
SHA-512: 41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 203
Entropy (8bit): 5.37803461129954
Encrypted: false
SSDEEP: 6:YAQNvWWE9RfSHJR8wXwlmUUAnIMp5RVJqSQ:YO9RAJ9+UAnIc7VQ
MD5: D2304F62973D9863E5EC9532A3EA6F8A
SHA1: D2938ADF6B0A114BF1DF4C16F683BCDD16306687
SHA-256: DE330051F9AC02E3BF6C92EF818227E4345A9CE7F37B50E07AB14A35B30DFBCA
SHA-512: 8E45DA1866B16A2CDA05BF04E651C8AA8E407ACA05CDB887A8F27D18EDA5F3CC53E22B5CE77FB73F5337DCA5CCAD78E41AD4FABBBF4FCF9C11CE98E3B0CE2889
Malicious: false
Preview: {"expect_ct":[],"sts":[{"expiry":1677861330.321981,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1646325330.321987}],"version":2}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 203
Entropy (8bit): 5.37803461129954
Encrypted: false
SSDEEP: 6:YAQNvWWE9RfSHJR8wXwlmUUAnIMp5RVJqSQ:YO9RAJ9+UAnIc7VQ
MD5: D2304F62973D9863E5EC9532A3EA6F8A
SHA1: D2938ADF6B0A114BF1DF4C16F683BCDD16306687
SHA-256: DE330051F9AC02E3BF6C92EF818227E4345A9CE7F37B50E07AB14A35B30DFBCA
SHA-512: 8E45DA1866B16A2CDA05BF04E651C8AA8E407ACA05CDB887A8F27D18EDA5F3CC53E22B5CE77FB73F5337DCA5CCAD78E41AD4FABBBF4FCF9C11CE98E3B0CE2889
Malicious: false
Preview: {"expect_ct":[],"sts":[{"expiry":1677861330.321981,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1646325330.321987}],"version":2}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:L:L
MD5: 5058F1AF8388633F609CADB75A75DC9D
SHA1: 3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256: CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512: 0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious: false
Preview: .
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity0 (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a5c65c32-fd8e-4abe-8085-6597e3e5e63a.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b01df5f8-f6a7-43f8-9ee7-c09dbb3b513f.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\bef4e8f2-3921-4d91-9a11-a5946b9381ee.tmp
Size (bytes): 5224
Entropy (8bit): 4.98905380476108
Encrypted: false
SSDEEP: 96:nsCJ3ZS9pcKIYok0JCKL8FqkQjTbOTQVuwn:nsCe9pcV4KLkQr
MD5: CEB301F46741F63A8F1E810196AD7333
SHA1: D6D3D59E8612457F803AFE4D329052FF2CA54778
SHA-256: C7EE623121D8A5E2DD1DB38F7667175718CA8468673F9F50A1544F9EB7FA0E31
SHA-512: 648FF0655024EB81D184438CC84E65058170CDED404CB976C60DAF46853D5731575E7866A410C9EF6B790C31297AF4ED23E7C7EE5EBEAFB7EA49F837A4B33C75
Malicious: false
Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13290798926011231","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 19604
Entropy (8bit): 5.560220792575324
Encrypted: false
SSDEEP: 384:kbStULl9RX21kXqKf/pUZNCgVLH2HfDfrUmHGilhK4O:mLlv21kXqKf/pUZNCgVLH2Hf7rUGGyKt
MD5: 45F27C9A96BE375E51292F0D5C8F598B
SHA1: 3307833013CD8BF0E316ECD083DC69D78912A3ED
SHA-256: A368D8FE820F0AB813B315CAB2B0565163B682451F005CD391437048D69E8ED6
SHA-512: 1134FFC1390E61029019EE0A233149C925C800F3DD68CA0BC6C1B018EA89602BF8F8B298AA725B20FEE4906F76A7DE3F1F5F979741964262C955C7F979610C4D
Malicious: false
Preview: {"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13290798925235250","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 16
Entropy (8bit): 3.2743974703476995
Encrypted: false
SSDEEP: 3:1sjgWIV//Rv:1qIFJ
MD5: 6752A1D65B201C13B62EA44016EB221F
SHA1: 58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256: 0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512: 9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious: false
Preview: MANIFEST-000004.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 16
Entropy (8bit): 3.2743974703476995
Encrypted: false
SSDEEP: 3:1sjgWIV//Rv:1qIFJ
MD5: 6752A1D65B201C13B62EA44016EB221F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c7203867-2261-4bc7-9fce-5d958a0a7 c.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT.. (copy)
SHA1: 58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256: 0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512: 9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious: false
Preview: MANIFEST-000004.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 5821
Entropy (8bit): 5.193739482847474
Encrypted: false
SSDEEP: 96:nsCi3MS9T+2cKIYok0JCKL8FqkQjTbOTQVuwn:nsCk9fcV4KLkQr
MD5: 13A254D9FE44DC589AEC1AC22366BB12
SHA1: EFC4A3F27FAA39ED40382DF9B73246E5EF2452F3
SHA-256: 33CF7A4165A5474FAD5026AFABF8A815158653B8DEA6773AB476F3CB9D3608CA
SHA-512: 5D3F4BA5AF96CD191A4A261FBD7F2C1AC0C7FAD55544680792D9F7571F4DC4D18E59F6BA80D3A36EA8F6BC37E53EA02DFE31402119F5B2E49C317374172FFBE8
Malicious: false
Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13290798926011231","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0",
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 106
Entropy (8bit): 3.138546519832722
Encrypted: false
SSDEEP: 3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5: DE9EF0C5BCC012A3A1131988DEE272D8
SHA1: FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256: 3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512: CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious: false
Preview: C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 13
Entropy (8bit): 2.8150724101159437
Encrypted: false
SSDEEP: 3:Yx7:4
MD5: C422F72BA41F662A919ED0B70E5C3289
SHA1: AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
SHA-256: 02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
SHA-512: 86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
Malicious: false
Preview: 85.0.4183.121
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\edfb0e26-7007-4550-b9e7-6e8facd42980.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 191005
Entropy (8bit): 6.045820787679813
Encrypted: false
SSDEEP: 3072:XR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:yP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 4114E3E18F05781E0D0AD5179F053A17
SHA1: C29755449136F026BB670BC2660AE9EC76CB8464
SHA-256: A050BE59BE202463A977EB6975AFAEAEFF7D21B72D7B45406C5545B62E5DB25C
SHA-512: 7FCC13F524DDA8868608C22294AFA2ACA5DA298D8ACD19CF16CB887A013F400A4CA79E07916A734FB76E6CCA468DF99EDB9BA10824669F4AF76D512D9E4B9BC1
Malicious: false
Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.646325327304578e+12,"network":1.646292929e+12,"ticks":177276120.0,"uncertainty":3694436.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799345551"},"plugins":{"metadata":{"adobe-flash-player":{"disp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 199271
Entropy (8bit): 6.0740584822478105
Encrypted: false
SSDEEP: 3072:wXUR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:wZP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 5F3029AA7CBF2F0AB25164449C628277
SHA1: FD47F41C59529D6F6653774E13D289FE1AF5FF0E
SHA-256: 5270FB0078BB177F793D6E9060193DC4A69F4544168103776A2635F978836DE7
SHA-512: 49E798A4C0793DCAD7DA954E2023AA5783EB30BD2E07EEC867E08207BAF631C64A1D4CDEBE18DA6B370AF82828AD6C7142A9605439FFAEE0A441225D547B3DE8
Malicious: false
Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.646325327304578e+12,"network":1.646292929e+12,"ticks":177276120.0,"uncertainty":3694436.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 190807
Entropy (8bit): 6.045264427420573
Encrypted: false
SSDEEP: 3072:fR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:6P+syZ4H+1EljaqfIlUOoSiuRL
MD5: 8C739D197C1F5B18C830CFA4BB16D158
SHA1: B3C3899CBACFAA5E8366E8482D8E4EB2BAC61666
SHA-256: AE8BD27D2E0592747463BDB65E5927D6C8DBDD5BD573DEA69424BC0E18511020
SHA-512: 4BF422134AC6C4A44EC969535755443078A3D192D7520D6A00A25F34ECCCC53285536D9DA3F04F98C57DA181A077794B1A17CAA37FE65BB5935A32FCDCA2CA75
Malicious: false
Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.646325327304578e+12,"network":1.646292929e+12,"ticks":177276120.0,"uncertainty":3694436.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799345551"},"plugins":{"metadata":{"adobe-flash-player":{"disp
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local StateG (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local StateMP (copy)
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 190901
Entropy (8bit): 6.045530257371815
Encrypted: false
SSDEEP: 3072:QR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:dP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 392EFC2FC3ADE954A108590D469CE791
SHA1: 1638B8E87BA653F27C8E0EC1F2EB08BC7DB20D17
SHA-256: 6CCCAB41FA97E9B05E8073A71926BD7B5E34B64BAE454AA1D9DDCC018E2682DE
SHA-512: BEF108A069F59EB5AE5B795E97BBC9C859A2A00DAB78540A1158C2518C4DD5721902C51452F2B669D1933E5CEE75811A2AA67F12217A2F0A7AF9C5174F9F28FA
Malicious: false
Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.646325327304578e+12,"network":1.646292929e+12,"ticks":177276120.0,"uncertainty":3694436.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799345551"},"plugins":{"metadata":{"adobe-flash-player":{"disp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 190901
Entropy (8bit): 6.045530790090492
Encrypted: false
SSDEEP: 3072:LR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:uP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 1959FE0F7429A10028804F300A0E9E7D
SHA1: 7CBDF3A635F7EC0006B2E85D4A7DAE18964FB4C7
SHA-256: 18FFE3EE985F4463EF43D2545FA597E77FBA5444017DB0B944924B550C7E882A
SHA-512: 5E132B89A620F6FB97064ED25F9FFF6853E39156AE352C3003E689D9582CF5601EDAD7E683F77577F43DBCEDF7A45D6526D013720060C1FD783EA8C8C24E5E14
Malicious: false
Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.646325327304578e+12,"network":1.646292929e+12,"ticks":177276120.0,"uncertainty":3694436.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799345551"},"plugins":{"metadata":{"adobe-flash-player":{"disp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 92724
Entropy (8bit): 3.7463741497991445
Encrypted: false
SSDEEP: 384:Pn8xSlaC83pY8beFNyrnvmO3Ve0pHkdGJwrbISkxVY4IrrTimvUr4y2eVOQ0mNL2:3GJhikl9QeP0ecE3D2uKMOWBK
MD5: 959252D66E2AF051E40B1DC03EC6BE23
SHA1: 6879102BA33F6192F750BB8A5320E8378E2B36F0
SHA-256: 90103AA2666FD9B80A123428FE9EB97299D43CE08C72136BD3F67F8663D85360
SHA-512: D4E7C5A399E4002937BDBFA46A7F16B40E57CC14DF6ED12FDE94142800A8BD7A29D0DDC0B67F6764D6733AE1BCA5095F522DA21A3B124F2617C0C39BE4F0350B
Malicious: false
Preview: 0j..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...pU8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\[email protected]/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local States (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local States} (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 95428
Entropy (8bit): 3.7465317557019078
Encrypted: false
SSDEEP: 384:Bn8xSlaC83pkH8SVPheFNyrnvmO3Ve0pHkdGJwrbISkxVY4IrrTimvbpr4y2eVOA:liGJhik89QeP0ecE3D2uKMOWB3
MD5: 157F8889FD1A330CAEF7F67133B45E1A
SHA1: 89157E5014ACA89484488C6F41D15BE2CEFCDD19
SHA-256: 1EAA9864E69A416906227E592B17EADC379403226B8643B513ABB967276A3B34
SHA-512: 79872BD5A77E1EE9287AE88F5E0CEC78C4EAB7516210C00FCACF9712EB21D666FF81E0038B724AD87B6129B27414201B765AE34F2D641C6D3D2268E142A4B5D6
Malicious: false
Preview: .t..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...pU8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\[email protected]/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: SysEx File -
Category: dropped
Size (bytes): 94708
Entropy (8bit): 3.7467286301119236
Encrypted: false
SSDEEP: 384:Rn8xSlaC83pkH8SVPheFNyrnvmO3Ve0pHkdGJwrbISkxVY4IrrTimvUr4y2eVOQe:ViGJhikl9QeP0ecE3D2uKMOWBC
MD5: AA3744B5C9D6B52A486421FB8057B87A
SHA1: F7FDA8D25C51535D36F75E4CB7D7B3B38E9AEEAF
SHA-256: 324DCDC83CF89BDC1A0BE2EA3A86F7CBDBE9A2031BBD52C1D9960CE4A5777EA6
SHA-512: E532B43BC6622A7EE431600CB7AA648F86CF6C789DEAC7D593116CE7BC22629FA032073135DDC4690A215D269C8E93732E56E7E712131992C4A790A811DA578F
Malicious: false
Preview: .q..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...pU8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\[email protected]/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 143064
Entropy (8bit): 4.849758316287982
Encrypted: false
SSDEEP: 3072:jUVmA7NWWGKU616sXlzS2+bSzp1lGS7aHHt9adAPHbb1c:jcmA7NWW+olfk9qwO
MD5: 9969B653D9FEBBB6B3FF6CFBD8A14A3A
SHA1: EED02611419111062008F0067EEEDF1DEF12FD0D
SHA-256: 109AE8144849BAC03629515514DD78FFCDDD3556F90D9DE7A4ACECEDB49B47DB
SHA-512: 6696AAFF28403D39BC58CE6C7091A598309568B6227A1DACA8EC2DF942DF1AF408EFAD507BD8D3295EC8ED100D4280D53C7DF5B82B8897C15D27E7F57F38EEC8
Malicious: false
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache.T (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info CacheW (copy)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir6792_1407872291\Ruleset Data
C:\Users\user\AppData\Local\Google\Chrome\User Data\a04472d5-c104-4329-805a-fded3e3aae1d.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 199271
Entropy (8bit): 6.0740584822478105
Encrypted: false
SSDEEP: 3072:wXUR45ZQDsyvEmtJ4WD6NLn+0C6BlVFcbXafIB0u1GOJmA3iuRL:wZP+syZ4H+1EljaqfIlUOoSiuRL
MD5: 5F3029AA7CBF2F0AB25164449C628277
SHA1: FD47F41C59529D6F6653774E13D289FE1AF5FF0E
SHA-256: 5270FB0078BB177F793D6E9060193DC4A69F4544168103776A2635F978836DE7
SHA-512: 49E798A4C0793DCAD7DA954E2023AA5783EB30BD2E07EEC867E08207BAF631C64A1D4CDEBE18DA6B370AF82828AD6C7142A9605439FFAEE0A441225D547B3DE8
Malicious: false
Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.646325327304578e+12,"network":1.646292929e+12,"ticks":177276120.0,"uncertainty":3694436.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: SysEx File -
Category: dropped
Size (bytes): 94708
Entropy (8bit): 3.7467286301119236
Encrypted: false
SSDEEP: 384:Rn8xSlaC83pkH8SVPheFNyrnvmO3Ve0pHkdGJwrbISkxVY4IrrTimvUr4y2eVOQe:ViGJhikl9QeP0ecE3D2uKMOWBC
MD5: AA3744B5C9D6B52A486421FB8057B87A
SHA1: F7FDA8D25C51535D36F75E4CB7D7B3B38E9AEEAF
SHA-256: 324DCDC83CF89BDC1A0BE2EA3A86F7CBDBE9A2031BBD52C1D9960CE4A5777EA6
SHA-512: E532B43BC6622A7EE431600CB7AA648F86CF6C789DEAC7D593116CE7BC22629FA032073135DDC4690A215D269C8E93732E56E7E712131992C4A790A811DA578F
Malicious: false
Preview: .q..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...pU8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\[email protected]/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 95428
Entropy (8bit): 3.7465317557019078
Encrypted: false
SSDEEP: 384:Bn8xSlaC83pkH8SVPheFNyrnvmO3Ve0pHkdGJwrbISkxVY4IrrTimvbpr4y2eVOA:liGJhik89QeP0ecE3D2uKMOWB3
MD5: 157F8889FD1A330CAEF7F67133B45E1A
SHA1: 89157E5014ACA89484488C6F41D15BE2CEFCDD19
SHA-256: 1EAA9864E69A416906227E592B17EADC379403226B8643B513ABB967276A3B34
SHA-512: 79872BD5A77E1EE9287AE88F5E0CEC78C4EAB7516210C00FCACF9712EB21D666FF81E0038B724AD87B6129B27414201B765AE34F2D641C6D3D2268E142A4B5D6
Malicious: false
Preview: .t..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...pU8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\[email protected]/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
C:\Users\user\AppData\Local\Google\Chrome\User Data\d61a250b-c5da-4ad9-a501-4bfb35c0a01d.tmp
C:\Users\user\AppData\Local\Google\Chrome\User Data\f1e72b67-fd0f-4c20-b69e-f0efd3b48812.tmp
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\1B1F1FA2-4480-408A-AA09-8E599A0521EE
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 144422
Entropy (8bit): 5.357216789944719
Encrypted: false
SSDEEP: 1536:pcQIfgxrBdA3guw0/Q9DQW+z7k4F77nXmvidZXtE5LWm69:7IQ9DQW+zJXCe
MD5: 68F10C8EC40D1384802E972062E644F3
SHA1: E7773C2BD3335D125353CC91A2FA10A5E2F5D2C5
SHA-256: 740E13D8E50AECD658E066468261F4C97A9451263006BFCDA212AE222C67156A
SHA-512: 03F9929D2207BCEC1DD6A4BE14CD6B65F64C2C253A1BC935F43E6B9892EB11EF860FAB7644F1194413930215CB15C84E48821513F2FE3F5DD419C5F3562EB0DA
Malicious: false
Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-03-03T07:34:49">.. Build: 16.0.15027.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: data
Category: dropped
Size (bytes): 1024
Entropy (8bit): 0.05390218305374581
Encrypted: false
SSDEEP: 3:ol3lYdn:4Wn
MD5: 5D4D94EE7E06BBB0AF9584119797B23A
SHA1: DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256: 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512: 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious: false
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: data
Category: dropped
Size (bytes): 14198
Entropy (8bit): 3.9469603391388457
Encrypted: false
SSDEEP: 192:f0/IvYgS1xYzeHnIsYjozM3TU55K9r5PUB5FbVqXysYjvcCB0GH8D8zIUHa5/mi8:f0/oStYTTdz1YyGo8aajLFflavY
MD5: E641C5057412CF352BEB27D3E6028F33
SHA1: 57450497D010F9D9CE68999E05CE73CB7F3E4478
SHA-256: 4F7579679B4564E83FC52E3AD93713BBEB380917473268546D4813054CC6E974
SHA-512: 3D878F19F04D3E6EE4872A219EF28C7649D52F1D642396FA990E91828167E5ADE3DB187310F4982EAC4E748C8229E3A58CC504152180942D6EBFEC2B894A1363
Malicious: false
Preview: ....2.0.2.2. .N.C.A.A. .B.r.a.c.k.e.t. .P.o.o.l.......-.S.i.m.p.l.e. .r.u.l.e.s.,. .p.r.e.t.t.y. .m.u.c.h. .a. .s.t.a.n.d.a.r.d. .b.r.a.c.k.e.t. .p.o.o.l.....-.E.n.t.r.y. .f.e.e. .i.s. .$.7.5. .f.o.r. .3. .b.r.a.c.k.e.t.s... . .Y.o.u. .M.U.S.T. .e.n.t.e.r. .a.t. .l.e.a.s.t. .3. .b.r.a.c.k.e.t.s... . ...-.I.f. .y.o.u. .w.a.n.t. .m.o.r.e. .t.h.a.n. .3. .t.h.e.n. .p.l.e.a.s.e. .B.E. .S.U.R.E. .T.O. .E.N.T.E.R. .3. .a.d.d.i.t.i.o.n.a.l. .B.R.A.C.K.E.T.S. .$.7.5. .F.O.R. .E.A.C.H. .A.D.D.I.T.I.O.N.A.L. .S.E.T. .............4...6.......0...*...............2...4...J...........V...........8...:...x...z...|...........................................................................................................................................................................................................................................................................................................................................................................d........gd.SE.l........... ....
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: Google Chrome extension, version 3
Category: dropped
Size (bytes): 768843
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{2E166C1B-21B5-4EC3-B0F5-DDC5705FED10}.tmp
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{486AA045-9E77-42FB-AEAD-86A01C820FC8}.tmp
C:\Users\user\AppData\Local\Temp\214e4e34-6824-4e7d-b8bb-8672de686a21.tmp
Entropy (8bit): 7.992932603402907
Encrypted: true
SSDEEP: 12288:cK2ED9wjXNC1Gse83ru82/u0eKhgxuPFrDXgtbPz54Pm1D0fBmfH1sBrJ9mTiDga:cK2ED9I48seur0/uZKCuPNbgtbz6m1ob
MD5: A11D5CAF6BF849AEB84B0C95B1C3B7CF
SHA1: 27F410CCBD75852C01C7464A1FD7EF8C29BE3916
SHA-256: D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
SHA-512: 086C124DE3A01BE467647F3BCB4EA05105F690AB45417A0E3D38935ABA9E2381DF59AF98D0FFF7823CEFD5390B48807352E135AC70977AED7B413A8CC48FB590
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:L:L
MD5: 5058F1AF8388633F609CADB75A75DC9D
SHA1: 3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256: CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512: 0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious: false
Preview: .
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 3034
Entropy (8bit): 5.876664552417901
Encrypted: false
SSDEEP: 48:p/hEc9q0S+UTKYM43z8nqMsfWRUWEADM/W9n7lqFkakzcVTGkcYTPi6zM:RGcg5z/jjjHgUnV278+aWLy4
MD5: 8B6C3E16DFBF5FD1C9AC2267801DB38E
SHA1: F5CADC5914DF858C96C189B092BC89C29407BBAA
SHA-256: FD986A547D9585E98F451B87CA85DEB4B61EE540C6FAC678D7BEDABF04653095
SHA-512: 37048EF8FADF62A26CAEC6EE90AC192429AB1E99424E5C68FACA90C0DAD68642C761FDCAC03FC38FA930841F91FA145A6943EC7F168D4F2FA426F1F092C2F502
Malicious: false
Preview: [{"description":"treehash per file","signed_content":{"payload":"
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 507
Entropy (8bit): 4.68252584617246
Encrypted: false
SSDEEP: 12:TjLJ7qaVgPPd8bdzQBXefosmc5T9+n6e1Cetm1JXcAwA:TJ7jViPOd8wfHmZ6RP15
MD5: 35D5F285F255682477F4C50E93299146
C:\Users\user\AppData\Local\Temp\4c759342-6926-4f99-86be-d9b993978ecd.tmp
C:\Users\user\AppData\Local\Temp\6792_4360340\_metadata\verified_contents.json
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_pnacl_json
SHA1: FB58813C4D785412F05962CD379434669DE79C2B
SHA-256: 5424C7B084EC4C8BA0A9C69683E5EE88C325BA28564112CC941CD22E392D8433
SHA-512: 59DF2D5F2684FACC80C72F9C4B7E280F705776076C9D843534F772D5A3D578BEE04289AEE81320F23FB4D743F3969EDF5BA53FEBBAC8A4D27F3BC53BCF271C3E
Malicious: false
Preview: {. "COMMENT": [. "This file serves as a template for the resource info description used by ", . "the NaCl Chrome plugin. It is kept in the NaCl repository to prevent ", . "hard-coding of NaCl-specific information inside the Chrome repository.". ], . "abi-version": 1, . "pnacl-arch": "x86-64", . "pnacl-ld-name": "ld.nexe", . "pnacl-llc-name": "pnacl-llc.nexe", . "pnacl-sz-name": "pnacl-sz.nexe", . "pnacl-version": "5dfe030a71ca66e72c5719ef5034c2ed24706c43".}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
Category: dropped
Size (bytes): 2712
Entropy (8bit): 3.4025803725190906
Encrypted: false
SSDEEP: 48:b/5D5V5PK82aTS6aTTw0Do1DttoyDNsEA:b/hbVic1ZtLDNsE
MD5: 604FF8F351A88E7A1DBD7C836378AE86
SHA1: 9D8D89AE9F13D6306E619A4EAAD51EDE91A5F9F3
SHA-256: 947E64BE43E821562CE894F1AFCC3D09CD7FF614C107FC94250CD3EA5C943302
SHA-512: 85B1EDA4C473E00034EE627B7ABB894A77E521BC6A91A91A4A3744CA7511CB0AF10B9723D9ECC2CE3378DD70B659DF842D8C11875958CB77070CF01EC0A15840
Malicious: false
Preview: .ELF..............>.................................@[email protected].......,$J.l=....J.$<A[[email protected]......,$J.l=....J.$<A[..D..A...M..A..ffffff..................PH..1..,$J.l=....J.$<A[.......A...M..A..ffffff..................PH..SP..h.........fff...................h.........fff.............J.$<[.,$J.l=....J.$<.....f.....................................................................................................................................................................................NaCl....x86-64...........zR..x......................@[email protected][email protected].......`....C....C..B...... .......................<...............@.......X.......................t........................clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pna
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
Category: dropped
Size (bytes): 2776
Entropy (8bit): 3.5335802354066246
Encrypted: false
SSDEEP: 48:b/5D5V5ej5ej5PjDdaTS6aTTw6DV1DtFouoyDOsTy:b/hbEEVJB1ZFhLDOsT
MD5: 88C08CD63DE9EA244F70BFC53BBCADF6
SHA1: 8F38A113A66B18BAA02E2C995099CF1145A29DAA
SHA-256: 127F903CC986466AA5A13C17DFDD37AC99762F81A794180339069F48986BC7A3
SHA-512: 78D2500493A65A23D101EC2420DC5F0CE8C75EFAC425C28547121643E4FB568E9D827EF2C0F7068159E043C86B986F29BF92C6BADC675F160B63C7B3512EB95F
Malicious: false
Preview: .ELF..............>.....................X...........@[email protected].......,$J.l=....J.$<A[[email protected]......,$J.l=....J.$<A[..D..A...M..A..ffffff..................PH..1..,$J.l=....J.$<A[.......A...M..A..ffffff..................PH..,$J.l=....J.$<A[f........A...M..A..ffffff..................PH..,$J.l=....J.$<A[f........A...M..A..ffffff..................PH..SP..h.........fff.............J.$<[.,$J.l=....J.$<.....f.K...............`.......P.......................z...................................NaCl....x86-64...clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)[email protected][email protected][email protected][email protected][email protected].................@...
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
Category: dropped
Size (bytes): 1520
Entropy (8bit): 2.799960074375893
Encrypted: false
SSDEEP: 12:Bvx/ekjlM/NQQmTfR9yp9396QQmTfR9C6wRqD8MTDDw7lEOkSbfuEAXwX6BX2U8b:bDjO/NbmT3296bmT3Twk8qDwh7b7CD8
MD5: 75E79F5DB777862140B04CC6861C84A7
SHA1: 4DB7BDC80206765461AC68CEC03CE28689BBEE0C
SHA-256: 74E8885B87ED185E6811C23942FD9BD1FBAC9115768849AF95A9DECF6644B2EA
SHA-512: FE3F86E926759E71494F2060C4ED3C883EBCAF20CB129A5AD7F142766C33FAB10B5FABC3C7C938E0E895E27EA0AC03CBFE8D0EEABF5300A4AD07F67FD96CC253
Malicious: false
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
Preview: .ELF..............>.................................@[email protected] version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)...text..comment..bss..group..note.GNU-stack..eh_frame..shstrtab..strtab..symtab..data..note.NaCl.ABI.x86-64.......................................................!................................................................................................................................................................................................../../../pnacl/support/crtend.c.__EH_FRAME_END__...............................................................................................@...............................................................H.......................................P.......................H...............................
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped
Category: dropped
Size (bytes): 2163864
Entropy (8bit): 6.07050487397106
Encrypted: false
SSDEEP: 24576:HPHonIwYZJ0ykwVO7Owf31yJKzCtxO8RSV4lY+PbeHVxCtjFV4lBNeSAmfGqa+A7:HvSMRwf3SKmlY+PyPvnM2Gq+
MD5: 0BB967D2E99BE65C05A646BC67734833
SHA1: 220A41A326F85081A74C4BB7C5F4E115D1B4B960
SHA-256: C6C2D0C2FC3E38A9BFA19C78066439C2F745393F1FD1C49C3C6777F697222C76
SHA-512: 8EF8689E00E4B210A30444D18ED6247F364995ABEB2FD272064C3AF671EEDB4D9B8B67CA56F72FEBF8F56896D4EA7EC4B10CB445FFA1C710C1F312E9DA0E4896
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Antivirus: ReversingLabs, Detection: 0%
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: current ar archive
Category: dropped
Size (bytes): 40552
Entropy (8bit): 4.127255967843258
Encrypted: false
SSDEEP: 768:xlP+1fzyUNVU5LmKxeOnjpD5eA/eUnUUxvT:xlP+1ryYMTekpD5eAWjuvT
MD5: 0CE951B216FCF76F754C9A845700F042
SHA1: 6F99A259C0C8DAD5AD29EE983D35B6A0835D8555
SHA-256: 7A1852EA4BB14A2A623521FA53F41F02F8BA3052046CF1AA0903CFAD0D1E1A7B
SHA-512: 7C2F9BF90EB1F43C17B4E14A077759FA9DC62A7239890975B2D6FD543B31289DC3B49AE456CA73B98DE9AC372034F340C708D23D9D3AAB05CCBDABDC56A6314E
Malicious: false
Preview: !<arch>./ 0 0 0 0 624 `...................,...8...Z(..e...e...t...t...y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`........................fmod.fmodf.memcmp.memcpy.memmove.memset.__nacl_read_tp.__pnacl_init_irt.longjmp.setjmp.__Sz_fptosi_f32_i64.__Sz_fptosi_f64_i64.__Sz_fptoui_f32_i32.__Sz_fptoui_f32_i64.__Sz_fptoui_f64_i32.__Sz_fptoui_f64_i64.__Sz_sitofp_i64_f32.__Sz_sitofp_i64_f64.__Sz_uitofp_i32_f32.__Sz_uitofp_i32_f64.__Sz_uitofp_i64_f32.__Sz_uitofp_i64_f64.nacl_tp_tdb_offset.nacl_tp_tls_offset.__Sz_bitcast_16xi1_i16.__Sz_bitcast_8xi1_i8.__Sz_bitcast_i16_16xi1.__Sz_bitcast_i8_8xi1.__Sz_fptoui_4xi32_f32.__Sz_uitofp_4xi32_4xf32..e_fmod.o/ 0 0 0 644 2792 `..ELF..............>.....................(...........@[email protected].~.M..I.. [email protected].~.M.....I.. E..A......D..D..t.D....D..f....D..=....r...Y...^.[A\A]A^..@..,$J.l=....J.$<A[A...M..
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: current ar archive
Category: dropped
Size (bytes): 132784
Entropy (8bit): 3.6998481247844937
Encrypted: false
SSDEEP: 384:Hf0mOXYmeKzQUIdedRFvT5p1Ee2HyAlL3O4:Hf7OXdmWRJT5p1R2HyAhO4
MD5: C37CA2EB468E6F05A4E37DF6E6020D0F
SHA1: EA787E5EADFB488632EC60D8B80B555796FA9FE9
SHA-256: C1483ED423FEE15D86E8B5D698B2CDAB89186CE7FF9C4E3D5F3F961FD80D7C6E
SHA-512: 01281DE92B281FB29E1ACA96AA64B740B65CC3A9097307827F0D8DB9E1C164C56AFCDFA0BF138EA670A596D55CE2C8D722760744E9FC9343BB6514417BF333BA
Malicious: false
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
Preview: !<arch>./ 0 0 0 0 942 `....;...|.......4...x..#...-...4l..E...M...U...]...n...u...~X...4.......................L......................t...p...............`......"...*...1...:...D...K...T...\...d...r|..|0.......x...........L.......\...8..........................__clzti2.__compilerrt_fmax.__compilerrt_fmaxf.__compilerrt_logb.__compilerrt_logbf.__ctzti2.__divdc3.__divdi3.__divmoddi4.__divmodsi4.__divsc3.__divsi3.__divti3.__fixdfdi.__fixdfsi.__fixdfti.__fixsfdi.__fixsfsi.__fixsfti.__fixunsdfdi.__fixunsdfsi.__fixunsdfti.__fixunssfdi.__fixunssfsi.__fixunssfti.__floatdidf.__floatdisf.__floatsidf.__floatsisf.__floattidf.__floattisf.__floatundidf.__floatundisf.__floatunsidf.__floatunsisf.__floatuntidf.__floatuntisf.compilerrt_abort_impl.__moddi3.__modsi3.__modti3.__muldc3.__muloti4.__mulsc3.__multi3.__popcountdi2.__popcountsi2.__popcountti2.__powidf2.__powisf2.__udivdi3.__udivmoddi4.__udivmodsi4.__udivmodti4.__udivsi3.__udivti3.__umoddi3.__umodsi3.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: current ar archive
Category: dropped
Size (bytes): 13514
Entropy (8bit): 3.8217211433441904
Encrypted: false
SSDEEP: 192:uU9v4pXizdrEuxwk3vp20tprpdSGFwDqO:P9v4palvvc0tpFdSGFwmO
MD5: 4E8BEDA73EB7BD99528BF62B7835A3FA
SHA1: DC0F263A7B2A649D11FF7B56FE9CFAC44F946036
SHA-256: 6B835FD48DF505EB336FF6518CE7B93BB0ED854DADAA5C1EEED48D420291F62C
SHA-512: 46116B8BABC719676D68FD40D2AC82F38A3D13D8A482ADFC6FC32A99170AC3420E52CC33242CCD0FA723ABF4FA5EDBB9CE16A09C729BF04AE4AFBB2F67A1E38B
Malicious: false
Preview: !<arch>./ 0 0 0 0 94 `................._pnacl_wrapper_start.__pnacl_real_irt_query_func.__pnacl_wrap_irt_query_func..shim_entry.o/ 0 0 0 644 7392 `..ELF..............>..................... ...........@.....@.........................NaCl....x86-64..................................A.L....A.L...D...........D....A.....t+.. u..t"..A.D..........A... .....A.D...........f..D..<.......................Q.......................V.......................clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f).../../ppapi/native_client/src/untrusted/pnacl_irt_shim/shim_entry.c./mnt/data/b/build/slave/sdk/build/src/out_pnacl/x64.NACL_STARTUP_FINI.NACL_STARTUP_ENVC.NACL_STARTUP_ARGC.NACL_STARTUP_ARGV.NaClStartupInfoIndex.unsigned int.size_t.char.TYPE_na
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: current ar archive
Category: dropped
Size (bytes): 2078
Entropy (8bit): 3.21751839673526
Encrypted: false
SSDEEP: 24:MOcpdhWE5O/bZbmT3296bmT3TwQwDnvD/+R3:MHuECdaTS6aTTwXDvD/+l
MD5: F950F89D06C45E63CE9862BE59E937C9
SHA1: 9CFAD34139CC428CE0C07A869C15B71A9632365D
SHA-256: 945B1C8A1666CBF05E8B8941B70D9D044BAAFB59B006F728F8995072DE7C4C40
SHA-512: F9AFBB800A875EDCC63DEA4986179E73632B3182951A99C8B3D37DB454EFD7CC7192ECA5AC87514918A858BAD6DAEAB59548CA2E90EADA9900EF5B9F08E62CFC
Malicious: false
Preview: !<arch>./ 0 0 0 0 30 `........._pnacl_wrapper_start..// 20 `.dummy_shim_entry.o/./0 0 0 0 644 1840 `..ELF..............>.................................@[email protected]..,$J.l=....J.$<.....f..D......................................NaCl....x86-64...clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)............zR..x...................... ....C....C..... .........................rela.text..comment..bss..group..note.GNU-stack..rela.eh_frame..shstrtab..strtab..symtab..data..note.NaCl.ABI.x86-64.....................................................................................................................................................
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped
Category: dropped
Size (bytes): 14091416
Entropy (8bit): 5.928868737447095
Encrypted: false
SSDEEP: 196608:tKVqXp3Qev4dg6ilfHM8KLM2J3jqjnkZ:uqufB
MD5: 9B159191C29E766EBBF799FA951C581B
SHA1: D1D4BBC63AB5FC1E4A54EB7B82095A6F2CE535EE
SHA-256: 2F4A3A0730142C5EE4FA2C05D27A5DEFC18886A382D45F5DB254B61B28ED642B
SHA-512: 0B4FF60B5428F81B8B1BCF3328CF80CBD88D8CE5E8BDBC236B06D5A54E7CF26168A3ABB348D87423DA613AB3F0B4D9B37CB5180804839F1CA158EC2B315DDF00
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Antivirus: ReversingLabs, Detection: 0%
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped
Category: dropped
Size (bytes): 1901720
Entropy (8bit): 5.955741933854651
Encrypted: false
SSDEEP: 12288:gXqUSpBjwQO2o8k+7zjidg4euCAauOILffvCpGy4Wh3BTFmHpq82K2/KsvPyla9d:gafZwcOdNe2auOepCBTFmJq3Kf8ksr
MD5: 9DC3172630E525854B232FF71499D77C
SHA1: 0082C58EDCE3769E90DB48E7C26090CE706AD434
SHA-256: 6AA1DA6C264E0AF4E32A004F4076C7557C6AC6D9C38B0C5DE97302D83FA248C3
SHA-512: 9E9584241A39EED1463D7D4C1B26AE570B839AA315778FF3400C61341EBA43B630307DE9F1532A265CA82EA69BDEA03EC9D963E59A18569C02DA8285449870FE
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Antivirus: ReversingLabs, Detection: 0%
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 66
Entropy (8bit): 3.928261499316817
Encrypted: false
SSDEEP: 3:STDLGswXEVBcVdBiTDt3zLsW:SPLGLErcVdBiDtf3
MD5: C00BCE97F21B1AD61EB9B8CD001795EE
SHA1: 8E0392FF3DB267D847711C3F4E0D7468060E1535
SHA-256: 59F06F04230E32E8BC839F45B984D31D611930427B631C963D09E7064A602363
SHA-512: 9930E44A6ECC62505DBADCEED5E05645909FF09816FB12AAC0414E6D2830AC09758366C3B7D4EDD7839C87EB16DFA4C66D8981AE6237D408B37135C3506F4CD2
Malicious: false
Preview: 1.6f6bc93dcd62dc251850d2ff458fda96083ceb7fbe8eeb11248b8485ef2aea23
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 573
Entropy (8bit): 4.859567579783832
Encrypted: false
SSDEEP: 12:BLqG6yDJmL4mLDlG9hQ181G46XzrXc+EFfNqpaiOc+T5NqXIOclNqXL:BkylmL4mLDlJ18116XsRNqtZeNqXIZlE
MD5: 1863B86D0863199AFDA179482032945F
SHA1: 36F56692E12F2A1EFCA7736C236A8D776B627A86
SHA-256: F14E451CE2314D29087B8AD0309A1C8B8E81D847175EF46271E0EB49B4F84DC5
SHA-512: 836556F3D978A89D3FC1F07FCED2732A17E314ED6A021737F087E32A69BFA46FD706EBBDFD3607FF42EDCB75DC463C29B9D9D2F122504F567BB95844F579831B
Malicious: false
Preview: {."update_url": "https://clients2.google.com/service/update2/crx",.. "description": "Portable Native Client Translator Multi-CRX",. "name": "PNaCl Translator Multi-CRX",. "manifest_version": 2,. "minimum_chrome_version": "30.0.0.0",. "version": "0.57.44.2492",. "platforms": [. {. "nacl_arch": "x86-32",. "sub_package_path": "_platform_specific/x86_32/". },. {. "nacl_arch": "x86-64",. "sub_package_path": "_platform_specific/x86_64/". },. {. "nacl_arch": "arm",. "sub_package_path": "_platform_specific/arm/". }. ].}.
C:\Users\user\AppData\Local\Temp\6792_4360340\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
C:\Users\user\AppData\Local\Temp\6792_4360340\manifest.fingerprint
C:\Users\user\AppData\Local\Temp\6792_4360340\manifest.json
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 1558
Entropy (8bit): 5.11458514637545
Encrypted: false
SSDEEP: 48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5: EE002CB9E51BB8DFA89640A406A1090A
SHA1: 49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256: 3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512: D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious: false
Preview: // Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 1511
Entropy (8bit): 5.986085099681899
Encrypted: false
SSDEEP: 24:pZRj/flTU3Y8eAMRxdAjoYTo7aoXZwuoc/ftDzdMxBDoXwSp2NZVW310CJs7rn:p/hUI8mxdL7akFntDx6kwSUNa00s7r
MD5: 8DE5A24C51A9CA43B3850779259EE819
SHA1: C896E0CBE0576C7810D927F1DFFA9AA046A9D428
SHA-256: 6B8A7B4B3B194D16B24DD6EF3281A76251BFAC7C4F38952967D5F3CB079C5100
SHA-512: B0EF6B73FF8EC41C5B19862E9A64C04E3F3A723C5AD001EDC96021A6A04271906B36015984A809FDE1C32816DB5226A17AB3C8CC2782953DA27D484182BA0737
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 22728
Entropy (8bit): 7.8244656124512035
Encrypted: false
SSDEEP: 384:J26XPKZMeWUUXWVPplddm8oWDzyloBPo04g5LV8QzIF0trraYG9VWt/8tPJBr:Jff0JVBlX6Wnyloa04iV8S80rGYGIOP
MD5: 9FB2E6423ED4E43713B729DB15F23A9A
SHA1: A0D1EA3C600CDFD1B5C46745D5D680CC4FEAA115
SHA-256: 6BBE395BEB9636DD215BDDD02BCEBADF4238015B4762B8F161B854554CC5B07E
SHA-512: 8A0F474E5BBC30DA965F878FCD4AEEB520D9D4C9667DF046A1D2AC00571D98B60D6BBD679266CDC0C62070825D531C96EBF9620C892B4E3D325D66C20669E815
Malicious: false
C:\Users\user\AppData\Local\Temp\6792_458024993\LICENSE
C:\Users\user\AppData\Local\Temp\6792_458024993\_metadata\verified_contents.json
C:\Users\user\AppData\Local\Temp\6792_458024993\crl-set
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: modified
Size (bytes): 66
Entropy (8bit): 3.849181484939944
Encrypted: false
SSDEEP: 3:Sdm2BNA2RSTSdRmGATNi2ucKKSD:SIoNLS+dADJucKKSD
MD5: 17AD92D8818879B4634DEFD3CEF77631
SHA1: 0A4C8C407DD655528EE3498A2B821A6D4452FD38
SHA-256: A3AE3345C262E04E0F261D10B95F8222511B9606F5CA1666BBFDCF071A76230A
SHA-512: 4F8D03BE7B66B946C979FF5BFCAF5D38BF1898878DF6934195BA7155A02BBE0562910A1496560EFB99FB7DDCE7C21310177FEAB7DB7C6D0F85DC49168E72988A
Malicious: false
Preview: 1.892098f8c56e659a49fd5c9421a48f42de5eccce66d4a51eede5d339d7f2637f
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 192
Entropy (8bit): 4.768796812331016
Encrypted: false
SSDEEP: 3:rR6TAulhFphifFJQRCYSZr4FgS1lppEeSWU4pv/8F/FxLj2RF2fcTZTotL:F6VlMoJSJ9S1lpuWfB0NpK4aotL
MD5: 660972A833B714D4401CDBC8D3A68DAB
SHA1: 7B12BDE3BCC42013BD05CBFABB60230D51A1642E
SHA-256: 1A6FAB562267446B2AB39209F1CAE8CC84A33121933803D82C1B467E16CB4F5D
SHA-512: FB455E9A94AA4F48399EE56793CFAE71B975E57B6299A9393EA20A4EDE769F57D807E49E62C3F1A0366CBCE1CFC493E8B4C67954A23D162B26B4EDBA832EC2E1
Malicious: false
Preview: {. "manifest_version": 2,. "name": "crl-set-11079646149079070487.data",. "version": "7191",. "imageName": "image.squash",. "squash": true,. "fsType": "squashfs",. "isRemovable": false.}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 93185
Entropy (8bit): 5.485798659412236
Encrypted: false
SSDEEP: 1536:1xIMwIGHDAqcaW9Yj6jf2IioayiCXNiHcmGonopFLoSYanu5ZoK:PwIGHEaW91fbGyiCXNHLono7Lo7au56K
MD5: F399BFE8BE47136D019128D6B838669B
SHA1: A703507A694340BAC1A78CE6E54DFBD641062DA5
SHA-256: E99357D12308944A5E5BE309C48D9BAEFDD6F0C80087205D60FC6A5B38489BD5
SHA-512: E8D39D2C1D0B1167A35FF922F59FF43AF38F55C2908024CB58B55D1A4A984BB2C070D5EA283B5E4742A3147522981C4005F51419725070F30994702FC03CFC41
Malicious: false
C:\Users\user\AppData\Local\Temp\6792_458024993\manifest.fingerprint
C:\Users\user\AppData\Local\Temp\6792_458024993\manifest.json
C:\Users\user\AppData\Local\Temp\6792_977489141\Filtering Rules
C:\Users\user\AppData\Local\Temp\6792_977489141\LICENSE.txt
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 24623
Entropy (8bit): 4.588307081140814
Encrypted: false
SSDEEP: 384:mva5sf5dXrCN7tnBxpxkepTqzazijFgZk231Py9zD6WApYbm0:mvagXreRnTqzazWgj0v6XqD
MD5: D33AAA5246E1CE0A94FA15BA0C407AE2
SHA1: 11D197ACB61361657D638154A9416DC3249EC9FB
SHA-256: 1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
SHA-512: 98B1B12FF0991FD7A5612141F83F69B86BC5A89DD62FC472EE5971817B7BBB612A034C746C2D81AE58FDF6873129256A89AA8BB7456022246DC4515BAAE2454B
Malicious: false
Preview: EasyList Repository Licences.... Unless otherwise noted, the contents of the EasyList repository.. (https://github.com/easylist) is dual licensed under the GNU General.. Public License version 3 of the License, or (at your option) any later.. version, and Creative Commons Attribution-ShareAlike 3.0 Unported, or.. (at your option) any later version. You may use and/or modify the files.. as permitted by either licence; if required, "The EasyList authors.. (https://easylist.to/)" should be attributed as the source of the.. material. All relevant licence files are included in the repository..... Please be aware that files hosted externally and referenced in the.. repository, including but not limited to subscriptions other than.. EasyList, EasyPrivacy, EasyList Germany and EasyList Italy, may be.. available under other conditions; permission must be granted by the.. respective copyright holders to authorise the use of their material.......Creative Commons Attribut
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 1529
Entropy (8bit): 5.99180111140989
Encrypted: false
SSDEEP: 24:pZRj/flTHYwgAgkYbKakjeT3GzkaoXRmhJPN1pofcroXu8Z2s5ftAq:p/h4wcbKabTekakR4V1poek2mfCq
MD5: D2E7DCEA16804547318D8A43830A5EBE
SHA1: ABF4255B87329341002E66957F811933D75F4A28
SHA-256: 37C7C058D6FAA1F6246F109D7570176EDF9E2155234328BAF4016DDAAA0D2032
SHA-512: E0B6C5CC02F8E21524932697C704936AF317DCBF419093D0ED7BAB7EFFC4B432F7845DC798C5D624335FD0029BB83D9CAB7154A08E13242EAB55E0D66A880706
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 66
Entropy (8bit): 3.9074916581515238
Encrypted: false
SSDEEP: 3:SXAHd3SCNYAcWnV4JBLdT4:Sod9NYAYTi
MD5: BD688FA67D2251A3839F159D0DF45D39
SHA1: 59517B1C61EB7AF6A4FF5D4E6A6C07E5107A01AE
SHA-256: A7C089D349A58C850BFF85E9713D00EF965C56ADC0515090FC922FF98B8CBB21
SHA-512: C841341ED1695C2E0495B5403FAB52ABB0444D0FE7D8841D114A711EA24A48A6277F6080DA168C72F1A71780124C4A73AA33E0BCB17354FE202B8372DF8BC7E0
Malicious: false
Preview: 1.2e57d294ae2ce37ac58485ec6052861ef075fea318f9fce8fafcd6bdd86ebf57
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 115
Entropy (8bit): 4.545910352797257
C:\Users\user\AppData\Local\Temp\6792_977489141\_metadata\verified_contents.json
C:\Users\user\AppData\Local\Temp\6792_977489141\manifest.fingerprint
C:\Users\user\AppData\Local\Temp\6792_977489141\manifest.json
Encrypted: false
SSDEEP: 3:rR6TAulhFphifFHXG7LGMdv5HcDKhtUJKS1yVHvC:F6VlMZWuMt5SKPS1ytvC
MD5: 9D5CAB395A855CE06C84BC96B71E1825
SHA1: 4540606ECF3541E529916CAC7DB1CE80185DCF83
SHA-256: 1E1D3311FB23B966905A741AE12BA8A9E87E9BE435042EE6796480403C73D27D
SHA-512: CD34DD1E9092F475C0D269F61708DBA3D700DA55BC008A8FE9F130D3B3B1E49DA138491E397E8152B8ECA26E9564C6D0CC37BD2558E106B70830AB680EDEA757
Malicious: false
Preview: {. "manifest_version": 2,. "name": "Subresource Filtering Rules",. "ruleset_format": 1,. "version": "9.33.0".}.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: Google Chrome extension, version 3
Category: dropped
Size (bytes): 248531
Entropy (8bit): 7.963657412635355
Encrypted: false
SSDEEP: 3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5: 541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1: 189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256: 81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512: D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious: false
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:L:L
MD5: 5058F1AF8388633F609CADB75A75DC9D
SHA1: 3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256: CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512: 0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious: false
Preview: .
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: Google Chrome extension, version 3
Category: dropped
Size (bytes): 248531
Entropy (8bit): 7.963657412635355
Encrypted: false
SSDEEP: 3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5: 541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1: 189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256: 81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512: D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious: false
C:\Users\user\AppData\Local\Temp\8bb51acf-391f-48b6-a1ed-c74a40858789.tmp
C:\Users\user\AppData\Local\Temp\a91e338d-132c-4e7a-a710-303cc0287759.tmp
C:\Users\user\AppData\Local\Temp\scoped_dir6792_833954495\8bb51acf-391f-48b6-a1ed-c74a40858789.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with CRLF line terminators
Category: dropped
Size (bytes): 796
Entropy (8bit): 4.864931792423268
Encrypted: false
SSDEEP: 12:1HEJMLkSlwZGGMLkSlwZ+WYpU34f145Gb+dgoxTyO8ZpU34f1L0frhmJ03OyZnLt:1HE7n4gn8WYpYrbhz8ZpotHOGAOf6aD
MD5: 6F8E288A9AD5B1ED8633B430E2B4D4CA
SHA1: F671D3D4BEFA431D1946D706F4192D44E29B6F08
SHA-256: A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
SHA-512: 0F87F3F0D115B872288949E59ACD3CD41B1FBC64A622D8FDA6D71FAFC5A900D92ADFBB0E7EB926F2A8759BBAA0896D48728FB719BBF5EF54AC21027328F7700C
Malicious: false
Preview: {.. "app_description": {.. "message": "........ . ... ........ .. Chrome".. },.. "app_name": {.. "message": "........ . ... ........ .. Chrome".. },.. "craw_app_unavailable": {.. "message": "........... .... ...... .. .............".. },.. "craw_connect_to_network": {.. "message": "...., ........ .. . ......".. },.. "iap_unavailable": {.. "message": "........... .... ...... .. .......... ....... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "...., ...... . Chrome.".. }..}..
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with CRLF line terminators
Category: dropped
Size (bytes): 675
Entropy (8bit): 4.536753193530313
Encrypted: false
SSDEEP: 12:1HEJ0gbbGG0gbb+WYpU34g3YbiLO+dgyGFoO8ZpU34+puiPmb03OyZnLAOfTYABk:1HE5baib6WYpm31Lt0Z8Zp8pxOGAOfKD
MD5: 1FDAFC926391BD580B655FBAF46ED260
SHA1: C95743C3F43B2B099FEBEBC5BD850F0C20E820AC
SHA-256: C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
SHA-512: 39D95D45C5746DA3BAA7AE6A3344EA17D7A7C3569C2A56959FF119261DA08C747A320FCF701AC72B8DBDBF8BF06FD8B239017A282CDDA444F3826D4EC672CBB4
Malicious: false
Preview: {.. "app_description": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Ara mateix aquesta aplicaci. no est. disponible.".. },.. "craw_connect_to_network": {.. "message": "Connecteu-vos a una xarxa.".. },.. "iap_unavailable": {.. "message": "La funci. Pagaments a l'aplicaci. no est. disponible actualment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicieu la sessi. a Chrome.".. }..}..
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with CRLF line terminators
Category: dropped
Size (bytes): 641
Entropy (8bit): 4.698608127109193
Encrypted: false
SSDEEP: 12:1HEJfZGGfZ+WYpU34OBh+dgN/O8ZpU34j05U03OyZnLAOfTYWc:1HEl4G8WYpdt8Zpq5TOGAOfW
MD5: 76DEC64ED1556180B452A13C83171883
SHA1: CFB1E56FD587BCDC459C1D9A683B71F9849058F9
SHA-256: 32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
SHA-512: 5230A217968D5DC463E2E92D704544311A721E5CEF65C3125CBD8DEB9C0293D3BFB5C820A6011ABF77095FDEE7DAF67D541DC202B0C9CDB0908CBB85D84885CB
Malicious: false
Preview: {.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikace v sou.asn. dob. nen. dostupn..".. },.. "craw_connect_to_network": {.. "message": "P.ipojte se pros.m k s.ti.".. },.. "iap_unavailable": {.. "message": "Platby v aplikaci aktu.ln. nejsou k dispozici.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "P.ihlaste se do Chromu.".. }..}..
C:\Users\user\AppData\Local\Temp\scoped_dir6792_833954495\CRX_INSTALL\_locales\bg\messages.json
C:\Users\user\AppData\Local\Temp\scoped_dir6792_833954495\CRX_INSTALL\_locales\ca\messages.json
C:\Users\user\AppData\Local\Temp\scoped_dir6792_833954495\CRX_INSTALL\_locales\cs\messages.json
File type: Microsoft Word 2007+
Entropy (8bit): 7.739081533464186
TrID:
• Word Microsoft Office Open XML Format document (49504/1) 49.01%
• Word Microsoft Office Open XML Format document (43504/1) 43.07%
• ZIP compressed archive (8000/1) 7.92%
File name: 2022 NCAA Bracket Pool.docx
File size: 29666
MD5: d824fffc39c7c5c6e480fc76a8e441d6
SHA1: 67f52329a279457d57caad3bea76650dbbe34aa3
SHA256: a41abb8c7636e8a3ce2bd5f25f9f0595facf3334d30c3df5de24f86bc889a819
SHA512: 2caa30b6743ca24e3d45e813568bdd2f321282e86620c05e6aba1c1463f7ad6217fa7468afffa144bb19d34ae52f2d172c094f36c324839c0416660b07f34cbd
SSDEEP: 384:ewmYfGSLebHUfbeffIAM/1JF7dwDDZyxlGMjXFFcoN+0ehBHLcTSyNAkz8sprN98:F/Gp6efwB/F7d4DZyxZTcn1HVkz8s2
File Content Preview:
Icon Hash: 74fcd0d2d6d6d0cc
Total Packets: 233
• 53 (DNS)
• 443 (HTTPS)
Timestamp Source Port Dest Port Source IP Dest IP
Static File Info
General
File Icon
Network Behavior
Network Port Distribution
TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
UDP Packets
Copyright Joe Security LLC 2022 Page 49 of 135
Mar 3, 2022 08:35:37.040847063 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.040936947 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041248083 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.041466951 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.041686058 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041704893 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041718960 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041732073 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041744947 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041758060 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041769981 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041781902 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041793108 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041805983 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.041927099 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.042572021 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.042592049 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.042608023 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.042624950 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.042640924 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.042655945 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.042669058 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.042685032 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.042941093 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.043858051 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.043900967 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.043940067 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.043977976 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044015884 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044055939 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044094086 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044120073 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.044131041 CET 443 50586 142.250.186.65 192.168.2.3
Timestamp Source Port Dest Port Source IP Dest IP
Copyright Joe Security LLC 2022 Page 57 of 135
Mar 3, 2022 08:35:37.044169903 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044209003 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044248104 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044286013 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044323921 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044368982 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044405937 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044434071 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044471979 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044509888 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.044732094 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.045783043 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.045804977 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.045825958 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.045856953 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.045877934 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.045948982 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.045969009 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.045989990 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.046010017 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.046030998 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.046051979 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.046071053 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.046088934 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.046091080 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.046112061 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.046130896 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048510075 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048549891 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048588037 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048624992 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048662901 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048681974 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.048701048 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048737049 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048770905 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048809052 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.048844099 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.054229975 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.057219982 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.057269096 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.057306051 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058089018 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058145046 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058185101 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058221102 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058259010 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058296919 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058332920 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058373928 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058410883 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058449984 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058490992 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058526993 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058563948 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058602095 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058639050 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.058676004 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059061050 CET 443 50586 142.250.186.65 192.168.2.3
Timestamp Source Port Dest Port Source IP Dest IP
Copyright Joe Security LLC 2022 Page 58 of 135
Mar 3, 2022 08:35:37.059102058 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059138060 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059175968 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059288025 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059328079 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059410095 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.059604883 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.059648037 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059685946 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059724092 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059762955 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059798956 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059835911 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.059947968 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.060698986 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.060738087 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.060777903 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.060816050 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.060852051 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.060889959 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.060928106 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.060964108 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.061001062 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.061038017 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.061075926 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.061114073 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.061150074 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.061187029 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062194109 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062233925 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062271118 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062309027 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062346935 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062385082 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062424898 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062463045 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062500954 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062529087 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.062540054 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062578917 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062617064 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062654018 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062690020 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062726974 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062763929 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062800884 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062839985 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062875986 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062912941 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.062942982 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.062967062 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063003063 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063040972 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063079119 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063237906 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.063466072 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063508987 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063548088 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063585997 CET 443 50586 142.250.186.65 192.168.2.3
Timestamp Source Port Dest Port Source IP Dest IP
Copyright Joe Security LLC 2022 Page 59 of 135
Mar 3, 2022 08:35:37.063625097 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063628912 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.063662052 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063699961 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063738108 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063776016 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063815117 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063851118 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063889027 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063925982 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063961983 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.063998938 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.064035892 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.064038038 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.064074993 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.064115047 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.064151049 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.064188957 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.064229965 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.064265966 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.064399958 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.065037966 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065079927 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065120935 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065160990 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065196991 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065234900 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065272093 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065308094 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065345049 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065383911 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065421104 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065459967 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065495014 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065534115 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065571070 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065607071 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065644026 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065680981 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065718889 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.065757036 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066528082 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066564083 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066612959 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066646099 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066675901 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066708088 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066740990 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066771984 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066803932 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066836119 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066864014 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066896915 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066926956 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066958904 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.066989899 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067020893 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067051888 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067084074 CET 443 50586 142.250.186.65 192.168.2.3
Timestamp Source Port Dest Port Source IP Dest IP
Copyright Joe Security LLC 2022 Page 60 of 135
Mar 3, 2022 08:35:37.067115068 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067147970 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067178011 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067209959 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067240953 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067270994 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067718983 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067753077 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067785978 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067816973 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067850113 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067882061 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067914963 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067946911 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.067976952 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068007946 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068038940 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068067074 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068099022 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068129063 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068161011 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068192959 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068223953 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068254948 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068285942 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.068316936 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.069449902 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.069648027 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.069706917 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.069756031 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.069788933 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.069819927 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.069875956 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.069909096 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.069941044 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.069941998 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.069973946 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070007086 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070039034 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070070982 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070103884 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070132971 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070166111 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070197105 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070226908 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070255995 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070287943 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070319891 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070352077 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070384026 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070415974 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070416927 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.070447922 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070480108 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070513010 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070543051 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070574999 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070606947 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070636988 CET 443 50586 142.250.186.65 192.168.2.3
Timestamp Source Port Dest Port Source IP Dest IP
Copyright Joe Security LLC 2022 Page 61 of 135
Mar 3, 2022 08:35:37.070667982 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070699930 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070729971 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.070959091 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.071019888 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.071054935 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.071085930 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.071118116 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.071150064 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.071180105 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.071332932 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.071732998 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.072174072 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.072494030 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.072535992 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072571993 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072604895 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072638035 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072670937 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072701931 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072705984 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.072735071 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072767019 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072797060 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072828054 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072859049 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072891951 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072923899 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072932959 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.072957039 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.072990894 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.073023081 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.073051929 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.073129892 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.077169895 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077205896 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077236891 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077267885 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077310085 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077342033 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077375889 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077394009 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.077409029 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077440977 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077474117 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077506065 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077537060 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077569008 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077600956 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077634096 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077645063 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.077667952 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077697992 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077728987 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077760935 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077790976 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077821970 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077876091 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077908039 CET 443 50586 142.250.186.65 192.168.2.3
Timestamp Source Port Dest Port Source IP Dest IP
Copyright Joe Security LLC 2022 Page 62 of 135
Mar 3, 2022 08:35:37.077939034 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077970982 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.077976942 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.078001022 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.079090118 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.079145908 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.079185009 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.079224110 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081119061 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081155062 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081188917 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081221104 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081252098 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081285000 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081316948 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081347942 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081382990 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081413031 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081444025 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081475973 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081506014 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081537962 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081569910 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081574917 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.081603050 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081691027 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.081723928 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082089901 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.082227945 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082262039 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082294941 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082329035 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082361937 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082395077 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082427025 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082457066 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082488060 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082520008 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082551956 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082585096 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082614899 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082645893 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082674026 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.082676888 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082709074 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082741976 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082773924 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082808971 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.082840919 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083070993 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.083591938 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083635092 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083673000 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083710909 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083749056 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083798885 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083830118 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083852053 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.083861113 CET 443 50586 142.250.186.65 192.168.2.3
Timestamp Source Port Dest Port Source IP Dest IP
Copyright Joe Security LLC 2022 Page 63 of 135
Mar 3, 2022 08:35:37.083894014 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083924055 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083955050 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.083986998 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084018946 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084052086 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084081888 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084115028 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084146023 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084151030 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.084175110 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084206104 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084238052 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084270000 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084302902 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084341049 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084372997 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.084475040 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.085258961 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.085298061 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.085328102 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.085357904 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.085397005 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.085427999 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:37.090287924 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:37.113938093 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:38.330487967 CET 53778 443 192.168.2.3 142.250.185.110
Mar 3, 2022 08:35:38.356797934 CET 443 53778 142.250.185.110 192.168.2.3
Mar 3, 2022 08:35:38.356816053 CET 443 53778 142.250.185.110 192.168.2.3
Mar 3, 2022 08:35:38.362745047 CET 53778 443 192.168.2.3 142.250.185.110
Mar 3, 2022 08:35:51.948618889 CET 50586 443 192.168.2.3 142.250.186.65
Mar 3, 2022 08:35:51.971406937 CET 443 50586 142.250.186.65 192.168.2.3
Mar 3, 2022 08:35:53.352313995 CET 53778 443 192.168.2.3 142.250.185.110
Mar 3, 2022 08:35:53.395342112 CET 443 53778 142.250.185.110 192.168.2.3
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Mar 3, 2022 08:35:27.939815044 CET 192.168.2.3 8.8.8.8 0x5954 Standard query (0) clients2.google.com A (IP address) IN (0x0001)
Mar 3, 2022 08:35:27.956037998 CET 192.168.2.3 8.8.8.8 0x5edd Standard query (0) accounts.google.com A (IP address) IN (0x0001)
Mar 3, 2022 08:35:27.970043898 CET 192.168.2.3 8.8.8.8 0xd2e8 Standard query (0) www.officefootballpool.com A (IP address) IN (0x0001)
Mar 3, 2022 08:35:28.981473923 CET 192.168.2.3 8.8.8.8 0x6111 Standard query (0) code.jquery.com A (IP address) IN (0x0001)
Mar 3, 2022 08:35:28.990833998 CET 192.168.2.3 8.8.8.8 0xdc9d Standard query (0) cdnjs.cloudflare.com A (IP address) IN (0x0001)
Mar 3, 2022 08:35:28.999686003 CET 192.168.2.3 8.8.8.8 0xe432 Standard query (0) stackpath.bootstrapcdn.com A (IP address) IN (0x0001)
Mar 3, 2022 08:35:29.099483967 CET 192.168.2.3 8.8.8.8 0xe34d Standard query (0) a.nel.cloudflare.com A (IP address) IN (0x0001)
Mar 3, 2022 08:35:31.118303061 CET 192.168.2.3 8.8.8.8 0xe3ca Standard query (0) www.clickcease.com A (IP address) IN (0x0001)
Mar 3, 2022 08:35:34.457571983 CET 192.168.2.3 8.8.8.8 0x4c Standard query (0) www.officefootballpool.com A (IP address) IN (0x0001)
Mar 3, 2022 08:35:34.787450075 CET 192.168.2.3 8.8.8.8 0x4f60 Standard query (0) clients2.googleusercontent.com A (IP address) IN (0x0001)
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Mar 3, 2022 08:35:27.964900017 CET 8.8.8.8 192.168.2.3 0x5954 No error (0) clients2.google.com clients.l.google.com CNAME (Canonical name) IN (0x0001)
Mar 3, 2022 08:35:27.964900017 CET 8.8.8.8 192.168.2.3 0x5954 No error (0) clients.l.google.com 142.250.185.142 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:27.992917061 CET 8.8.8.8 192.168.2.3 0x5edd No error (0) accounts.google.com 172.217.23.109 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:27.998980999 CET 8.8.8.8 192.168.2.3 0xd2e8 No error (0) www.officefootballpool.com officefootballpool.com CNAME (Canonical name) IN (0x0001)
Mar 3, 2022 08:35:27.998980999 CET 8.8.8.8 192.168.2.3 0xd2e8 No error (0) officefootballpool.com 208.42.248.224 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:28.999207020 CET 8.8.8.8 192.168.2.3 0x6111 No error (0) code.jquery.com cds.s5x3j6q5.hwcdn.net CNAME (Canonical name) IN (0x0001)
Mar 3, 2022 08:35:29.009304047 CET 8.8.8.8 192.168.2.3 0xdc9d No error (0) cdnjs.cloudflare.com 104.16.18.94 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:29.009304047 CET 8.8.8.8 192.168.2.3 0xdc9d No error (0) cdnjs.cloudflare.com 104.16.19.94 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:29.021311998 CET 8.8.8.8 192.168.2.3 0xe432 No error (0) stackpath.bootstrapcdn.com 104.18.10.207 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:29.021311998 CET 8.8.8.8 192.168.2.3 0xe432 No error (0) stackpath.bootstrapcdn.com 104.18.11.207 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:29.115792036 CET 8.8.8.8 192.168.2.3 0xe34d No error (0) a.nel.cloudflare.com 35.190.80.1 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:29.163178921 CET 8.8.8.8 192.168.2.3 0xbe34 No error (0) gstaticadssl.l.google.com 142.250.185.195 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:30.920151949 CET 8.8.8.8 192.168.2.3 0xbc28 No error (0) www-googletagmanager.l.google.com 142.250.181.232 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:31.141038895 CET 8.8.8.8 192.168.2.3 0xe3ca No error (0) www.clickcease.com www.clickcease.com.cdn.cloudflare.net CNAME (Canonical name) IN (0x0001)
Mar 3, 2022 08:35:31.425957918 CET 8.8.8.8 192.168.2.3 0x5f79 No error (0) www-google-analytics.l.google.com 142.250.185.110 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:34.477535009 CET 8.8.8.8 192.168.2.3 0x4c No error (0) www.officefootballpool.com officefootballpool.com CNAME (Canonical name) IN (0x0001)
Mar 3, 2022 08:35:34.477535009 CET 8.8.8.8 192.168.2.3 0x4c No error (0) officefootballpool.com 208.42.248.224 A (IP address) IN (0x0001)
Mar 3, 2022 08:35:34.815110922 CET 8.8.8.8 192.168.2.3 0x4f60 No error (0) clients2.googleusercontent.com googlehosted.l.googleusercontent.com CNAME (Canonical name) IN (0x0001)
Mar 3, 2022 08:35:34.815110922 CET 8.8.8.8 192.168.2.3 0x4f60 No error (0) googlehosted.l.googleusercontent.com 142.250.186.65 A (IP address) IN (0x0001)
HTTP Request Dependency Graph
accounts.google.com
clients2.google.com
www.officefootballpool.com
https:
cdnjs.cloudflare.com
stackpath.bootstrapcdn.com
www.googletagmanager.com
www.google-analytics.com
fonts.gstatic.com
a.nel.cloudflare.com
clients2.googleusercontent.com
HTTPS Proxied Packets
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.3 49751 172.217.23.109 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:28 UTC 0 OUT POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:28 UTC 0 OUT Data Raw: 20 Data Ascii:
2022-03-03 07:35:28 UTC 3 IN HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Access-Control-Allow-Origin: https://www.google.com
    Access-Control-Allow-Credentials: true
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Thu, 03 Mar 2022 07:35:28 GMT
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]}
    Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp"
    Content-Security-Policy: script-src 'report-sample' 'nonce-yf03lmVCJxFrJu/T3KeYkg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
    Content-Security-Policy: script-src 'nonce-yf03lmVCJxFrJu/T3KeYkg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
    Server: ESF
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    Accept-Ranges: none
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
    Connection: close
    Transfer-Encoding: chunked
2022-03-03 07:35:28 UTC 4 IN Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2022-03-03 07:35:28 UTC 4 IN Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Session ID Source IP Source Port Destination IP Destination Port Process
1 192.168.2.3 49750 142.250.185.142 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:28 UTC 0 OUT GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
    X-Goog-Update-Updater: chromecrx-85.0.4183.121
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:28 UTC 1 IN HTTP/1.1 200 OK
    Content-Security-Policy: script-src 'report-sample' 'nonce-J7t0xWJrH8Yj47/UY/sTtw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Thu, 03 Mar 2022 07:35:28 GMT
    Content-Type: text/xml; charset=UTF-8
    X-Daynum: 5539
    X-Daystart: 84928
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    Accept-Ranges: none
    Vary: Accept-Encoding
    Connection: close
    Transfer-Encoding: chunked
2022-03-03 07:35:28 UTC 3 IN Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Session ID Source IP Source Port Destination IP Destination Port Process
10 192.168.2.3 49761 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:29 UTC 206 OUT GET /include/mainColors.css?v=63 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:29 UTC 266 IN HTTP/1.1 200 OK
    Content-Type: text/css
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Mon, 23 Aug 2021 16:07:33 GMT
    Accept-Ranges: bytes
    ETag: "dc4b44fb3898d71:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:26 GMT
    Connection: close
    Content-Length: 47178
Session ID Source IP Source Port Destination IP Destination Port Process
11 192.168.2.3 49757 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:29 UTC 207 OUT GET /themes/theme-0-1/styles.css?v=10 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:29 UTC 225 IN HTTP/1.1 200 OK
    Content-Type: text/css
    Expires: Sat, 15 Feb 2025 00:00:00 GMT
    Last-Modified: Thu, 24 Sep 2020 19:21:54 GMT
    Accept-Ranges: bytes
    ETag: "f26ba1f6a792d61:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:26 GMT
    Connection: close
    Content-Length: 3357
Session ID Source IP Source Port Destination IP Destination Port Process
12 192.168.2.3 49760 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:29 UTC 208 OUT GET /include/start-a-pool-v2.css?v=63 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:29 UTC 229 IN HTTP/1.1 200 OK
    Content-Type: text/css
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Mon, 24 Jun 2019 22:57:22 GMT
    Accept-Ranges: bytes
    ETag: "2499e2ee02ad51:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:26 GMT
    Connection: close
    Content-Length: 5076
Session ID Source IP Source Port Destination IP Destination Port Process
13 192.168.2.3 49774 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:30 UTC 420 OUT GET /include/fontawesome-pro/css/all.css HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:30 UTC 433 IN HTTP/1.1 200 OK
    Content-Type: text/css
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Tue, 12 Feb 2019 20:19:56 GMT
    Accept-Ranges: bytes
    ETag: "2fb6375210c3d41:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:27 GMT
    Connection: close
    Content-Length: 98708
Session ID Source IP Source Port Destination IP Destination Port Process
14 192.168.2.3 49776 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:30 UTC 421 OUT GET /include/documentReady-v6.js?v=24 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:30 UTC 449 IN HTTP/1.1 200 OK
    Content-Type: application/x-javascript
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Fri, 16 Oct 2020 22:32:50 GMT
    Accept-Ranges: bytes
    ETag: "f12dc947ca4d61:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:27 GMT
    Connection: close
    Content-Length: 10455
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.3 | 49775 | 208.42.248.224 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:30 UTC | 421 | OUT | GET /include/general-v46.js?v=24 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:30 UTC | 460 | IN | HTTP/1.1 200 OK
    Content-Type: application/x-javascript
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Thu, 11 Nov 2021 22:10:22 GMT
    Accept-Ranges: bytes
    ETag: "4328f2eb48d7d71:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:27 GMT
    Connection: close
    Content-Length: 78283
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.3 | 49786 | 142.250.181.232 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:30 UTC | 617 | OUT | GET /gtm.js?id=GTM-NMB7W5W HTTP/1.1
    Host: www.googletagmanager.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:31 UTC | 618 | IN | HTTP/1.1 200 OK
    Content-Type: application/javascript; charset=UTF-8
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Cache-Control
    Vary: Accept-Encoding
    Date: Thu, 03 Mar 2022 07:35:31 GMT
    Expires: Thu, 03 Mar 2022 07:35:31 GMT
    Cache-Control: private, max-age=900
    Last-Modified: Thu, 03 Mar 2022 06:00:00 GMT
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Cross-Origin-Resource-Policy: cross-origin
    Server: Google Tag Manager
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    Accept-Ranges: none
    Connection: close
    Transfer-Encoding: chunked
2022-03-03 07:35:31 UTC 647 IN Data Raw: 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 22 65 31 22 29 7d 2c 56 64 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3b 69 66 28 42 2e 54 65 78 74 45 6e 63 6f 64 65 72 29 62 3d 28 6e 65 77 20 42 2e 54 65 78 74 45 6e 63 6f 64 65 72 28 22 75 74 66 2d 38 22 29 29 2e 65 6e 63 6f 64 65 28 61 29 3b 65 6c 73 65 7b 66 6f 72 28 76 61 72 20 63 3d 5b 5d 2c 64 3d 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 61 2e 63 68 61 72 43 6f 64 65 41 74 28 64 29 3b 31 32 38 3e 65 3f 63 2e 70 75 73 68 28 65 29 3a 32 30 34 38 3e 65 3f 63 2e 70 75 73 68 28 31 39 32 7c 65 3e 3e 36 2c 31 32 38 7c 65 26 36 33 29 3a 35 35 32 39 36 3e 65 7c 7c 35 37 33 34 34 3c 3d 65 3f 63 2e 70 75 73 68 28 32 32 34 7c 65 3e 3e 31 32 2c 31 32 38 7c 65 3e 3e 36 26 Data Ascii: Promise.resolve("e1")},Vd=function(a){var b;if(B.TextEncoder)b=(new B.TextEncoder("utf-8")).encode(a);else{for(var c=[],d=0;d<a.length;d++){var e=a.charCodeAt(d);128>e?c.push(e):2048>e?c.push(192|e>>6,128|e&63):55296>e||57344<=e?c.push(224|e>>12,128|e>>6&
2022-03-03 07:35:31 UTC 648 IN Data Raw: 4d 64 2c 6c 29 2c 64 28 6d 5b 6c 5d 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 2c 4d 64 2c 6c 29 2c 64 28 6d 5b 6c 5d 2c 22 73 74 72 65 65 74 22 2c 4c 64 2c 6c 29 2c 64 28 6d 5b 6c 5d 2c 22 63 69 74 79 22 2c 4c 64 2c 6c 29 2c 64 28 6d 5b 6c 5d 2c 22 70 6f 73 74 61 6c 5f 63 6f 64 65 22 2c 4b 64 2c 6c 29 2c 64 28 6d 5b 6c 5d 2c 0a 22 72 65 67 69 6f 6e 22 2c 4c 64 2c 6c 29 2c 64 28 6d 5b 6c 5d 2c 22 63 6f 75 6e 74 72 79 22 2c 4b 64 2c 6c 29 3b 55 64 28 66 2c 62 29 7d 65 6c 73 65 20 66 2e 70 75 73 68 28 7b 6e 61 6d 65 3a 22 65 72 72 6f 72 5f 63 6f 64 65 22 2c 76 61 6c 75 65 3a 22 65 33 22 2c 69 6e 64 65 78 3a 76 6f 69 64 20 30 7d 29 2c 62 28 66 29 7d 2c 5a 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 59 64 28 61 2c 66 75 6e 63 74 69 6f 6e 28 63 29 7b 66 6f 72 28 Data Ascii: Md,l),d(m[l],"last_name",Md,l),d(m[l],"street",Ld,l),d(m[l],"city",Ld,l),d(m[l],"postal_code",Kd,l),d(m[l],"region",Ld,l),d(m[l],"country",Kd,l);Ud(f,b)}else f.push({name:"error_code",value:"e3",index:void 0}),b(f)},Zd=function(a,b){Yd(a,function(c){for(
2022-03-03 07:35:31 UTC 649 IN Data Raw: 2b 22 26 63 76 3d 31 38 22 2c 6f 65 3d 7b 7d 2c 70 65 3d 7b 7d 2c 71 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 54 2e 73 65 71 75 65 6e 63 65 7c 7c 31 3b 54 2e 73 65 71 75 65 6e 63 65 3d 61 2b 31 3b 72 65 74 75 72 6e 20 61 7d 3b 52 2e 6f 68 3d 22 22 3b 76 61 72 20 72 65 3d 22 22 3b 52 2e 76 64 3d 72 65 3b 76 61 72 20 73 65 3d 6e 65 77 20 77 61 2c 74 65 3d 7b 7d 2c 75 65 3d 7b 7d 2c 78 65 3d 7b 6e 61 6d 65 3a 52 2e 58 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 4d 28 4f 61 28 61 2c 62 29 2c 74 65 29 3b 76 65 28 29 7d 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 77 65 28 61 2c 32 29 7d 2c 72 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 3d 6e 65 77 20 77 61 3b 74 65 3d 7b 7d 3b 76 65 28 29 7d 7d Data Ascii: +"&cv=18",oe={},pe={},qe=function(){var a=T.sequence||1;T.sequence=a+1;return a};R.oh="";var re="";R.vd=re;var se=new wa,te={},ue={},xe={name:R.X,set:function(a,b){M(Oa(a,b),te);ve()},get:function(a){return we(a,2)},reset:function(){se=new wa;te={};ve()}}
2022-03-03 07:35:31 UTC 650 IN Data Raw: 31 65 66 64 0d 0a 74 65 64 53 74 79 6c 65 29 72 65 74 75 72 6e 21 30 3b 76 61 72 20 63 3d 42 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 61 2c 6e 75 6c 6c 29 3b 69 66 28 22 68 69 64 64 65 6e 22 3d 3d 3d 63 2e 76 69 73 69 62 69 6c 69 74 79 29 72 65 74 75 72 6e 21 30 3b 66 6f 72 28 76 61 72 20 64 3d 61 2c 65 3d 63 3b 64 3b 29 7b 69 66 28 22 6e 6f 6e 65 22 3d 3d 3d 65 2e 64 69 73 70 6c 61 79 29 72 65 74 75 72 6e 21 30 3b 76 61 72 20 66 3d 65 2e 6f 70 61 63 69 74 79 2c 67 3d 65 2e 66 69 6c 74 65 72 3b 69 66 28 67 29 7b 76 61 72 20 6d 3d 67 2e 69 6e 64 65 78 4f 66 28 22 6f 70 61 63 69 74 79 28 22 29 3b 30 3c 3d 6d 26 26 28 67 3d 67 2e 73 75 62 73 74 72 69 6e 67 28 6d 2b 38 2c 67 2e 69 6e 64 65 78 4f 66 28 22 29 22 2c 6d 29 29 2c 22 25 22 3d 3d 67 2e Data Ascii: 1efdtedStyle)return!0;var c=B.getComputedStyle(a,null);if("hidden"===c.visibility)return!0;for(var d=a,e=c;d;){if("none"===e.display)return!0;var f=e.opacity,g=e.filter;if(g){var m=g.indexOf("opacity(");0<=m&&(g=g.substring(m+8,g.indexOf(")",m)),"%"==g.
2022-03-03 07:35:31 UTC 652 IN Data Raw: 72 6f 74 6f 63 6f 6c 22 3d 3d 3d 62 7c 7c 22 70 6f 72 74 22 3d 3d 3d 62 29 61 2e 70 72 6f 74 6f 63 6f 6c 3d 50 65 28 61 2e 70 72 6f 74 6f 63 6f 6c 29 7c 7c 50 65 28 42 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 29 3b 22 70 6f 72 74 22 3d 3d 3d 62 3f 61 2e 70 6f 72 74 3d 53 74 72 69 6e 67 28 4e 75 6d 62 65 72 28 61 2e 68 6f 73 74 6e 61 6d 65 3f 61 2e 70 6f 72 74 3a 42 2e 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 29 7c 7c 28 22 68 74 74 70 22 3d 3d 61 2e 70 72 6f 74 6f 63 6f 6c 3f 38 30 3a 22 68 74 74 70 73 22 3d 3d 61 2e 70 72 6f 74 6f 63 6f 6c 3f 34 34 33 3a 22 22 29 29 3a 22 68 6f 73 74 22 3d 3d 3d 62 26 26 0a 28 61 2e 68 6f 73 74 6e 61 6d 65 3d 28 61 2e 68 6f 73 74 6e 61 6d 65 7c 7c 42 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 29 2e Data Ascii: rotocol"===b||"port"===b)a.protocol=Pe(a.protocol)||Pe(B.location.protocol);"port"===b?a.port=String(Number(a.hostname?a.port:B.location.port)||("http"==a.protocol?80:"https"==a.protocol?443:"")):"host"===b&&(a.hostname=(a.hostname||B.location.hostname).
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 76 of 135
2022-03-03 07:35:31 UTC 653 IN Data Raw: 6c 65 6d 65 6e 74 28 22 61 22 29 3b 61 26 26 28 62 2e 68 72 65 66 3d 61 29 3b 76 61 72 20 63 3d 62 2e 70 61 74 68 6e 61 6d 65 3b 22 2f 22 21 3d 3d 63 5b 30 5d 26 26 28 61 7c 7c 54 63 28 22 54 41 47 47 49 4e 47 22 2c 31 29 2c 63 3d 22 2f 22 2b 63 29 3b 76 61 72 20 64 3d 62 2e 68 6f 73 74 6e 61 6d 65 2e 72 65 70 6c 61 63 65 28 4e 65 2c 22 22 29 3b 72 65 74 75 72 6e 7b 68 72 65 66 3a 62 2e 68 72 65 66 2c 70 72 6f 74 6f 63 6f 6c 3a 62 2e 70 72 6f 74 6f 63 6f 6c 2c 68 6f 73 74 3a 62 2e 68 6f 73 74 2c 68 6f 73 74 6e 61 6d 65 3a 64 2c 70 61 74 68 6e 61 6d 65 3a 63 2c 73 65 61 72 63 68 3a 62 2e 73 65 61 72 63 68 2c 68 61 73 68 3a 62 2e 68 61 73 68 2c 70 6f 72 74 3a 62 2e 70 6f 72 74 7d 7d 2c 55 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 Data Ascii: lement("a");a&&(b.href=a);var c=b.pathname;"/"!==c[0]&&(a||Tc("TAGGING",1),c="/"+c);var d=b.hostname.replace(Ne,"");return{href:b.href,protocol:b.protocol,host:b.host,hostname:d,pathname:c,search:b.search,hash:b.hash,port:b.port}},Ue=function(a){function
2022-03-03 07:35:31 UTC 654 IN Data Raw: 7d 65 6c 73 65 20 64 3d 22 22 3b 63 3d 64 7d 62 3d 63 7d 72 65 74 75 72 6e 20 62 7d 2c 24 65 3d 21 30 2c 61 66 3d 21 31 3b 56 65 2e 6b 68 3d 22 66 61 6c 73 65 22 3b 76 61 72 20 62 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 22 66 61 6c 73 65 22 3d 3d 3d 56 65 2e 6b 68 7c 7c 21 24 65 29 72 65 74 75 72 6e 21 31 3b 69 66 28 61 66 29 72 65 74 75 72 6e 21 30 3b 76 61 72 20 62 3d 44 65 28 22 41 57 2d 22 2b 0a 61 29 3b 72 65 74 75 72 6e 21 21 62 26 26 21 21 62 2e 70 72 65 41 75 74 6f 50 69 69 7d 2c 63 66 3d 6e 65 77 20 52 65 67 45 78 70 28 2f 5b 41 2d 5a 30 2d 39 2e 5f 25 2b 2d 5d 2b 40 5b 41 2d 5a 30 2d 39 2e 2d 5d 2b 5c 2e 5b 41 2d 5a 5d 7b 32 2c 7d 2f 69 29 2c 64 66 3d 6e 65 77 20 52 65 67 45 78 70 28 2f 40 28 67 6d 61 69 6c 7c 67 6f 6f 67 6c 65 6d 61 Data Ascii: }else d="";c=d}b=c}return b},$e=!0,af=!1;Ve.kh="false";var bf=function(a){if("false"===Ve.kh||!$e)return!1;if(af)return!0;var b=De("AW-"+a);return!!b&&!!b.preAutoPii},cf=new RegExp(/[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i),df=new RegExp(/@(gmail|googlema
2022-03-03 07:35:31 UTC 655 IN Data Raw: 29 2e 69 6e 64 65 78 4f 66 28 46 29 7d 65 6c 73 65 20 45 3d 21 31 3b 45 7c 7c 78 2e 70 75 73 68 28 7b 65 6c 65 6d 65 6e 74 3a 41 2c 57 61 3a 44 7d 29 7d 7d 7d 76 61 72 20 4f 3b 76 61 72 20 4a 3d 61 26 26 61 2e 46 64 3b 69 66 28 4a 26 26 30 21 3d 3d 4a 2e 6c 65 6e 67 74 68 29 7b 66 6f 72 28 76 61 72 20 49 3d 5b 5d 2c 4e 3d 30 3b 4e 3c 78 2e 6c 65 6e 67 74 68 3b 4e 2b 2b 29 7b 66 6f 72 28 76 61 72 20 4c 3d 21 30 2c 4b 3d 30 3b 4b 3c 4a 2e 6c 65 6e 67 74 68 3b 4b 2b 2b 29 7b 76 61 72 20 53 3d 4a 5b 4b 5d 3b 69 66 28 53 26 26 46 64 28 78 5b 4e 5d 2e 65 6c 65 6d 65 6e 74 2c 53 29 29 7b 4c 3d 21 31 3b 62 72 65 61 6b 7d 7d 4c 26 26 49 2e 70 75 73 68 28 78 5b 4e 5d 29 7d 4f 3d 49 7d 65 6c 73 65 20 4f 3d 78 3b 76 3d 59 65 28 4f 29 3b 31 30 3c 78 2e 6c 65 6e 67 74 Data Ascii: ).indexOf(F)}else E=!1;E||x.push({element:A,Wa:D})}}}var O;var J=a&&a.Fd;if(J&&0!==J.length){for(var I=[],N=0;N<x.length;N++){for(var L=!0,K=0;K<J.length;K++){var S=J[K];if(S&&Fd(x[N].element,S)){L=!1;break}}L&&I.push(x[N])}O=I}else O=x;v=Ye(O);10<x.lengt
2022-03-03 07:35:31 UTC 657 IN Data Raw: 22 2c 63 5b 64 5d 2e 66 69 72 73 74 5f 6e 61 6d 65 29 3b 6b 66 28 65 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 2c 63 5b 64 5d 2e 6c 61 73 74 5f 6e 61 6d 65 29 3b 6b 66 28 65 2c 22 73 74 72 65 65 74 22 2c 63 5b 64 5d 2e 73 74 72 65 65 74 29 3b 6b 66 28 65 2c 22 63 69 74 79 22 2c 63 5b 64 5d 2e 63 69 74 79 29 3b 6b 66 28 65 2c 22 72 65 67 69 6f 6e 22 2c 63 5b 64 5d 2e 72 65 67 69 6f 6e 29 3b 6b 66 28 65 2c 22 63 6f 75 6e 74 72 79 22 2c 63 5b 64 5d 2e 63 6f 75 6e 74 72 79 29 3b 6b 66 28 65 2c 22 70 6f 73 74 61 6c 5f 63 6f 64 65 22 2c 63 5b 64 5d 2e 70 6f 73 74 61 6c 5f 63 6f 64 65 29 3b 62 2e 61 64 64 72 65 73 73 2e 70 75 73 68 28 65 29 7d 72 65 74 75 72 6e 20 62 7d 7d 2c 6d 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 73 77 69 74 63 68 28 61 2e 6d 6f Data Ascii: ",c[d].first_name);kf(e,"last_name",c[d].last_name);kf(e,"street",c[d].street);kf(e,"city",c[d].city);kf(e,"region",c[d].region);kf(e,"country",c[d].country);kf(e,"postal_code",c[d].postal_code);b.address.push(e)}return b}},mf=function(a){if(a)switch(a.mo
2022-03-03 07:35:31 UTC 658 IN Data Raw: 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 6c 29 29 3b 64 2e 70 75 73 68 28 6c 29 7d 7d 72 65 74 75 72 6e 20 64 7d 3b 76 61 72 20 73 66 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 3d 61 2e 70 72 6f 74 6f 74 79 70 65 3b 76 61 72 20 64 3d 6e 65 77 20 63 3b 61 2e 0d 0a Data Ascii: RIComponent(l));d.push(l)}}return d};var sf=function(a,b){var c=function(){};c.prototype=a.prototype;var d=new c;a.
2022-03-03 07:35:31 UTC 658 IN Data Raw: 36 31 30 33 0d 0a 61 70 70 6c 79 28 64 2c 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 2c 31 29 29 3b 72 65 74 75 72 6e 20 64 7d 2c 74 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 62 29 7b 76 61 72 20 63 3d 62 3b 62 3d 6e 75 6c 6c 3b 63 28 29 7d 7d 7d 3b 66 75 6e 63 74 69 6f 6e 20 75 66 28 61 29 7b 72 65 74 75 72 6e 22 6e 75 6c 6c 22 21 3d 3d 61 2e 6f 72 69 67 69 6e 7d 3b 76 61 72 20 78 66 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 76 66 28 64 29 3f 72 66 28 61 2c 53 74 72 69 6e 67 28 62 7c 7c 77 66 28 29 29 2c 63 29 3a 5b 5d 7d 2c 41 66 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 Data Ascii: 6103apply(d,Array.prototype.slice.call(arguments,1));return d},tf=function(a){var b=a;return function(){if(b){var c=b;b=null;c()}}};function uf(a){return"null"!==a.origin};var xf=function(a,b,c,d){return vf(d)?rf(a,String(b||wf()),c):[]},Af=function(a,b
2022-03-03 07:35:31 UTC 659 IN Data Raw: 2c 62 2c 63 2e 56 61 29 29 72 65 74 75 72 6e 20 30 7d 72 65 74 75 72 6e 20 31 7d 6c 26 26 22 6e 6f 6e 65 22 21 3d 3d 6c 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 26 26 28 66 3d 64 28 66 2c 22 64 6f 6d 61 69 6e 22 2c 6c 29 29 3b 66 3d 65 28 66 2c 63 2e 66 6c 61 67 73 29 3b 72 65 74 75 72 6e 20 45 66 28 6c 2c 63 2e 70 61 74 68 29 3f 31 3a 42 66 28 66 2c 61 2c 62 2c 63 2e 56 61 29 3f 30 3a 31 7d 2c 47 66 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 6e 75 6c 6c 3d 3d 63 2e 70 61 74 68 26 26 28 63 2e 70 61 74 68 3d 22 2f 22 29 3b 63 2e 64 6f 6d 61 69 6e 7c 7c 28 63 2e 64 6f 6d 61 69 6e 3d 22 61 75 74 6f 22 29 3b 72 65 74 75 72 6e 20 46 66 28 61 2c 62 2c 63 29 7d 3b 0a 66 75 6e 63 74 69 6f 6e 20 7a 66 28 61 2c 62 2c 63 29 7b 66 6f 72 28 76 61 72 20 64 3d Data Ascii: ,b,c.Va))return 0}return 1}l&&"none"!==l.toLowerCase()&&(f=d(f,"domain",l));f=e(f,c.flags);return Ef(l,c.path)?1:Bf(f,a,b,c.Va)?0:1},Gf=function(a,b,c){null==c.path&&(c.path="/");c.domain||(c.domain="auto");return Ff(a,b,c)};function zf(a,b,c){for(var d=
2022-03-03 07:35:31 UTC 661 IN Data Raw: 75 6c 6c 3d 3d 62 3f 21 30 3a 21 21 62 7d 3b 76 61 72 20 4a 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 4d 61 74 68 2e 72 6f 75 6e 64 28 32 31 34 37 34 38 33 36 34 37 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 3b 72 65 74 75 72 6e 20 61 3f 53 74 72 69 6e 67 28 62 5e 71 66 28 61 29 26 32 31 34 37 34 38 33 36 34 37 29 3a 53 74 72 69 6e 67 28 62 29 7d 2c 4b 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 5b 4a 66 28 61 29 2c 4d 61 74 68 2e 72 6f 75 6e 64 28 48 61 28 29 2f 31 45 33 29 5d 2e 6a 6f 69 6e 28 22 2e 22 29 7d 2c 4e 66 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 76 61 72 20 66 3d 4c 66 28 62 29 3b 72 65 74 75 72 6e 20 41 66 28 61 2c 66 2c 4d 66 28 63 29 2c 64 2c 65 29 7d 2c 4f 66 3d 66 75 6e 63 74 69 Data Ascii: ull==b?!0:!!b};var Jf=function(a){var b=Math.round(2147483647*Math.random());return a?String(b^qf(a)&2147483647):String(b)},Kf=function(a){return[Jf(a),Math.round(Ha()/1E3)].join(".")},Nf=function(a,b,c,d,e){var f=Lf(b);return Af(a,f,Mf(c),d,e)},Of=functi
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 77 of 135
2022-03-03 07:35:31 UTC 662 IN Data Raw: 4e 75 6d 62 65 72 28 65 5b 32 5d 29 7c 7c 30 7d 3a 52 66 5b 61 5d 3d 64 3b 72 65 74 75 72 6e 21 30 7d 66 75 6e 63 74 69 6f 6e 20 54 66 28 61 29 7b 72 65 74 75 72 6e 28 61 7c 7c 22 5f 67 63 6c 22 29 2b 22 5f 61 75 22 7d 3b 76 61 72 20 58 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 5b 5d 2c 63 3d 47 2e 63 6f 6f 6b 69 65 2e 73 70 6c 69 74 28 22 3b 22 29 2c 64 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 5c 5c 73 2a 22 2b 28 61 7c 7c 22 5f 67 61 63 22 29 2b 22 5f 28 55 41 2d 5c 5c 64 2b 2d 5c 5c 64 2b 29 3d 5c 5c 73 2a 28 2e 2b 3f 29 5c 5c 73 2a 24 22 29 2c 65 3d 30 3b 65 3c 63 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 76 61 72 20 66 3d 63 5b 65 5d 2e 6d 61 74 63 68 28 64 29 3b 66 26 26 62 2e 70 75 73 68 28 7b 6c 66 3a 66 5b 31 5d 2c 76 Data Ascii: Number(e[2])||0}:Rf[a]=d;return!0}function Tf(a){return(a||"_gcl")+"_au"};var Xf=function(a){for(var b=[],c=G.cookie.split(";"),d=new RegExp("^\\s*"+(a||"_gac")+"_(UA-\\d+-\\d+)=\\s*(.+?)\\s*$"),e=0;e<c.length;e++){var f=c[e].match(d);f&&b.push({lf:f[1],v
2022-03-03 07:35:31 UTC 663 IN Data Raw: 61 72 20 70 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 6d 67 2c 62 3d 6e 67 2c 63 3d 6f 67 28 29 2c 64 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 61 28 67 2e 74 61 72 67 65 74 7c 7c 67 2e 73 72 63 45 6c 65 6d 65 6e 74 7c 7c 7b 7d 29 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 62 28 67 2e 74 61 72 67 65 74 7c 7c 67 2e 73 72 63 45 6c 65 6d 65 6e 74 7c 7c 7b 7d 29 7d 3b 69 66 28 21 63 2e 69 6e 69 74 29 7b 70 62 28 47 2c 22 6d 6f 75 73 65 64 6f 77 6e 22 2c 64 29 3b 70 62 28 47 2c 22 6b 65 79 75 70 22 2c 64 29 3b 70 62 28 47 2c 22 73 75 62 6d 69 74 22 2c 65 29 3b 76 61 72 20 66 3d 48 54 4d 4c 46 6f 72 6d 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 73 75 62 6d 69 74 3b 48 54 4d 4c 46 6f 72 6d 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 Data Ascii: ar pg=function(){var a=mg,b=ng,c=og(),d=function(g){a(g.target||g.srcElement||{})},e=function(g){b(g.target||g.srcElement||{})};if(!c.init){pb(G,"mousedown",d);pb(G,"keyup",d);pb(G,"submit",e);var f=HTMLFormElement.prototype.submit;HTMLFormElement.prototy
2022-03-03 07:35:31 UTC 665 IN Data Raw: 28 29 29 7b 62 2e 70 75 73 68 28 63 29 3b 76 61 72 20 65 3d 62 2c 66 3d 65 2e 70 75 73 68 2c 67 2c 6d 3d 53 74 72 69 6e 67 28 64 29 3b 68 67 3d 68 67 7c 7c 69 67 28 29 3b 6a 67 3d 6a 67 7c 7c 67 67 28 29 3b 66 6f 72 28 76 61 72 20 6c 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 6d 2e 6c 65 6e 67 74 68 3b 6e 2b 3d 33 29 7b 76 61 72 20 70 3d 6e 2b 31 3c 6d 2e 6c 65 6e 67 74 68 2c 71 3d 6e 2b 32 3c 6d 2e 6c 65 6e 67 74 68 2c 72 3d 6d 2e 63 68 61 72 43 6f 64 65 41 74 28 6e 29 2c 75 3d 70 3f 6d 2e 63 68 61 72 43 6f 64 65 41 74 28 6e 2b 31 29 3a 30 2c 74 3d 71 3f 6d 2e 63 68 61 72 43 6f 64 65 41 74 28 6e 2b 32 29 3a 30 2c 76 3d 72 3e 3e 32 2c 7a 3d 28 72 26 33 29 3c 3c 34 7c 75 3e 3e 34 2c 78 3d 28 75 26 31 35 29 3c 3c 32 7c 74 3e 3e 36 2c 77 3d 74 26 36 33 3b 71 7c 7c 28 77 Data Ascii: ()){b.push(c);var e=b,f=e.push,g,m=String(d);hg=hg||ig();jg=jg||gg();for(var l=[],n=0;n<m.length;n+=3){var p=n+1<m.length,q=n+2<m.length,r=m.charCodeAt(n),u=p?m.charCodeAt(n+1):0,t=q?m.charCodeAt(n+2):0,v=r>>2,z=(r&3)<<4|u>>4,x=(u&15)<<2|t>>6,w=t&63;q||(w
2022-03-03 07:35:31 UTC 666 IN Data Raw: 7d 2c 66 72 61 67 6d 65 6e 74 3a 7b 7d 7d 2c 62 28 63 2e 64 61 74 61 29 29 3b 76 61 72 20 64 3d 7b 7d 2c 65 3d 63 2e 64 61 74 61 3b 65 26 26 28 4b 61 28 64 2c 65 2e 71 75 65 72 79 29 2c 61 26 26 4b 61 28 64 2c 65 2e 66 72 61 67 6d 65 6e 74 29 29 3b 72 65 74 75 72 6e 20 64 7d 2c 41 67 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 76 61 72 20 62 3d 45 67 28 61 2c 33 29 3b 69 66 28 76 6f 69 64 20 30 21 3d 3d 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 7b 7d 2c 64 3d 62 3f 62 2e 73 70 6c 69 74 28 22 2a 22 29 3a 5b 5d 2c 65 3d 30 3b 65 2b 31 3c 64 2e 6c 65 6e 67 74 68 3b 65 2b 3d 32 29 7b 76 61 72 20 66 3d 64 5b 65 5d 2c 67 3d 6b 67 28 64 5b 65 2b 31 5d 29 3b 63 5b 66 5d 3d 67 7d 54 63 28 22 54 41 47 47 49 4e 47 22 2c 36 29 3b 72 65 74 75 72 6e 20 63 7d 7d 63 Data Ascii: },fragment:{}},b(c.data));var d={},e=c.data;e&&(Ka(d,e.query),a&&Ka(d,e.fragment));return d},Ag=function(a){try{var b=Eg(a,3);if(void 0!==b){for(var c={},d=b?b.split("*"):[],e=0;e+1<d.length;e+=2){var f=d[e],g=kg(d[e+1]);c[f]=g}Tc("TAGGING",6);return c}}c
2022-03-03 07:35:31 UTC 667 IN Data Raw: 73 74 28 65 29 26 26 28 63 2e 68 72 65 66 3d 65 29 7d 7d 0a 66 75 6e 63 74 69 6f 6e 20 48 67 28 61 2c 62 2c 63 29 7b 69 66 28 63 26 26 63 2e 61 63 74 69 6f 6e 29 7b 76 61 72 20 64 3d 28 63 2e 6d 65 74 68 6f 64 7c 7c 22 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 69 66 28 22 67 65 74 22 3d 3d 3d 64 29 7b 66 6f 72 28 76 61 72 20 65 3d 63 2e 63 68 69 6c 64 4e 6f 64 65 73 7c 7c 5b 5d 2c 66 3d 21 31 2c 67 3d 30 3b 67 3c 65 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 7b 76 61 72 20 6d 3d 65 5b 67 5d 3b 69 66 28 6d 2e 6e 61 6d 65 3d 3d 3d 61 29 7b 6d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 76 61 6c 75 65 22 2c 62 29 3b 66 3d 21 30 3b 62 72 65 61 6b 7d 7d 69 66 28 21 66 29 7b 76 61 72 20 6c 3d 47 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 Data Ascii: st(e)&&(c.href=e)}}function Hg(a,b,c){if(c&&c.action){var d=(c.method||"").toLowerCase();if("get"===d){for(var e=c.childNodes||[],f=!1,g=0;g<e.length;g++){var m=e[g];if(m.name===a){m.setAttribute("value",b);f=!0;break}}if(!f){var l=G.createElement("input
2022-03-03 07:35:31 UTC 668 IN Data Raw: 3a 61 7c 7c 62 7c 7c 4c 67 28 29 7d 3b 76 61 72 20 4e 67 3d 7b 7d 3b 76 61 72 20 4f 67 3d 2f 5e 5c 77 2b 24 2f 2c 50 67 3d 2f 5e 5b 5c 77 2d 5d 2b 24 2f 2c 51 67 3d 7b 61 77 3a 22 5f 61 77 22 2c 64 63 3a 22 5f 64 63 22 2c 67 66 3a 22 5f 67 66 22 2c 68 61 3a 22 5f 68 61 22 2c 67 70 3a 22 5f 67 70 22 2c 67 62 3a 22 5f 67 62 22 7d 2c 52 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 24 63 28 29 2e 6d 28 29 7c 7c 21 6b 64 28 29 29 72 65 74 75 72 6e 21 30 3b 76 61 72 20 61 3d 68 64 28 22 61 64 5f 73 74 6f 72 61 67 65 22 29 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 21 30 3a 21 21 61 7d 2c 53 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 6a 64 28 22 61 64 5f 73 74 6f 72 61 67 65 22 29 3f 52 67 28 29 3f 61 28 29 3a 70 64 28 61 2c 22 61 64 5f 73 74 6f Data Ascii: :a||b||Lg()};var Ng={};var Og=/^\w+$/,Pg=/^[\w-]+$/,Qg={aw:"_aw",dc:"_dc",gf:"_gf",ha:"_ha",gp:"_gp",gb:"_gb"},Rg=function(){if(!$c().m()||!kd())return!0;var a=hd("ad_storage");return null==a?!0:!!a},Sg=function(a,b){jd("ad_storage")?Rg()?a():pd(a,"ad_sto
2022-03-03 07:35:31 UTC 670 IN Data Raw: 65 28 22 23 22 2c 22 22 29 3b 62 3d 62 7c 7c 4f 65 28 66 2c 22 67 63 6c 69 64 22 2c 76 6f 69 64 20 30 29 3b 63 3d 63 7c 7c 4f 65 28 66 2c 22 67 63 6c 73 72 63 22 2c 76 6f 69 64 20 30 29 3b 64 3d 64 7c 7c 4f 65 28 66 2c 22 77 62 72 61 69 64 22 2c 76 6f 69 64 20 30 29 7d 72 65 74 75 72 6e 20 5a 67 28 62 2c 63 2c 65 2c 64 29 7d 2c 5a 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3d 7b 7d 2c 66 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6d 29 7b 65 5b 6d 5d 7c 7c 28 65 5b 6d 5d 3d 5b 5d 29 3b 65 5b 6d 5d 2e 70 75 73 68 28 67 29 7d 3b 65 2e 67 63 6c 69 64 3d 61 3b 65 2e 67 63 6c 73 72 63 3d 62 3b 65 2e 64 63 6c 69 64 3d 63 3b 76 6f 69 64 20 30 21 3d 3d 64 26 26 50 67 2e 74 65 73 74 28 64 29 26 26 28 65 2e 67 62 72 61 69 64 3d 64 2c 66 28 Data Ascii: e("#","");b=b||Oe(f,"gclid",void 0);c=c||Oe(f,"gclsrc",void 0);d=d||Oe(f,"wbraid",void 0)}return Zg(b,c,e,d)},Zg=function(a,b,c,d){var e={},f=function(g,m){e[m]||(e[m]=[]);e[m].push(g)};e.gclid=a;e.gclsrc=b;e.dclid=c;void 0!==d&&Pg.test(d)&&(e.gbraid=d,f(
2022-03-03 07:35:31 UTC 671 IN Data Raw: 64 29 2c 6d 3d 63 5b 67 5d 3b 69 66 28 6d 29 7b 76 61 72 20 6c 3d 4d 61 74 68 2e 6d 69 6e 28 64 68 28 6d 29 2c 48 61 28 29 29 2c 6e 3b 62 3a 7b 76 61 72 20 70 3d 6c 3b 69 66 28 75 66 28 42 29 29 66 6f 72 28 76 61 72 20 71 3d 78 66 28 67 2c 47 2e 63 6f 6f 6b 69 65 2c 76 6f 69 64 20 30 2c 22 61 64 5f 73 74 6f 72 61 67 65 22 29 2c 72 3d 30 3b 72 3c 71 2e 6c 65 6e 67 74 68 3b 2b 2b 72 29 69 66 28 64 68 28 71 5b 72 5d 29 3e 70 29 7b 6e 3d 21 30 3b 62 72 65 61 6b 20 62 7d 6e 3d 21 31 7d 69 66 28 21 6e 29 7b 76 61 72 20 75 3d 50 66 28 62 2c 6c 2c 21 30 29 3b 75 2e 56 61 3d 22 61 64 5f 73 74 6f 72 61 67 65 22 3b 47 66 28 67 2c 6d 2c 75 29 7d 7d 7d 7d 61 68 28 5a 67 28 63 2e 67 63 6c 69 64 2c 63 2e 67 63 6c 73 72 63 29 2c 21 31 2c 62 29 7d 29 7d 2c 63 68 3d 66 75 Data Ascii: d),m=c[g];if(m){var l=Math.min(dh(m),Ha()),n;b:{var p=l;if(uf(B))for(var q=xf(g,G.cookie,void 0,"ad_storage"),r=0;r<q.length;++r)if(dh(q[r])>p){n=!0;break b}n=!1}if(!n){var u=Pf(b,l,!0);u.Va="ad_storage";Gf(g,m,u)}}}}ah(Zg(c.gclid,c.gclsrc),!1,b)})},ch=fu
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 78 of 135
2022-03-03 07:35:31 UTC 672 IN Data Raw: 76 6f 69 64 20 30 3b 71 5b 66 5d 3d 5b 72 5d 3b 61 68 28 71 2c 21 30 2c 62 2c 6e 2c 70 29 7d 7d 29 7d 29 7d 7d 3b 66 75 6e 63 74 69 6f 6e 20 69 68 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 2b 2b 63 29 69 66 28 61 5b 62 5b 63 5d 5d 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 0a 76 61 72 20 6a 68 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 65 2c 66 2c 67 29 7b 67 26 26 28 65 5b 66 5d 3d 67 29 7d 69 66 28 6b 64 28 29 29 7b 76 61 72 20 63 3d 24 67 28 29 3b 69 66 28 69 68 28 63 2c 61 29 29 7b 76 61 72 20 64 3d 7b 7d 3b 62 28 64 2c 22 67 63 6c 69 64 22 2c 63 2e 67 63 6c 69 64 29 3b 62 28 64 2c 22 64 63 6c 69 64 22 2c 63 2e 64 63 6c 69 64 29 3b 62 28 64 2c 22 67 63 6c 73 72 63 Data Ascii: void 0;q[f]=[r];ah(q,!0,b,n,p)}})})}};function ih(a,b){for(var c=0;c<b.length;++c)if(a[b[c]])return!0;return!1}var jh=function(a){function b(e,f,g){g&&(e[f]=g)}if(kd()){var c=$g();if(ih(c,a)){var d={};b(d,"gclid",c.gclid);b(d,"dclid",c.dclid);b(d,"gclsrc
2022-03-03 07:35:31 UTC 673 IN Data Raw: 68 3d 21 31 3b 76 61 72 20 73 68 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 6f 68 28 22 61 77 22 2c 61 2c 62 29 7d 2c 74 68 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 6f 68 28 22 64 63 22 2c 61 2c 62 29 7d 2c 75 68 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 68 28 22 67 61 63 22 29 3b 72 65 74 75 72 6e 20 62 3f 21 79 64 28 51 2e 43 29 26 26 61 3f 22 30 22 3a 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 29 3a 6d 68 28 52 67 28 29 3f 66 67 28 29 3a 7b 7d 29 7d 2c 76 68 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 68 28 22 67 61 63 67 62 22 29 3b 72 65 74 75 72 6e 20 62 3f 0a 21 79 64 28 51 2e 43 29 26 26 61 3f 22 30 22 3a 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e Data Ascii: h=!1;var sh=function(a,b){return oh("aw",a,b)},th=function(a,b){return oh("dc",a,b)},uh=function(a){var b=nh("gac");return b?!yd(Q.C)&&a?"0":decodeURIComponent(b):mh(Rg()?fg():{})},vh=function(a){var b=nh("gacgb");return b?!yd(Q.C)&&a?"0":decodeURICompon
2022-03-03 07:35:31 UTC 675 IN Data Raw: 65 5b 66 5d 21 3d 64 5b 66 5d 29 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 65 5b 66 5d 29 3e 4e 75 6d 62 65 72 28 64 5b 66 5d 29 7d 72 65 74 75 72 6e 20 65 2e 6c 65 6e 67 74 68 3e 3d 64 2e 6c 65 6e 67 74 68 7d 3b 0a 76 61 72 20 41 68 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 3f 6e 66 28 61 29 3a 42 2e 65 6e 68 61 6e 63 65 64 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 64 61 74 61 2c 63 3d 28 61 7c 7c 7b 7d 29 2e 65 6e 68 61 6e 63 65 64 5f 63 6f 6e 76 65 72 73 69 6f 6e 73 5f 6d 6f 64 65 2c 64 3d 76 6f 69 64 20 30 3b 69 66 28 22 6d 61 6e 75 61 6c 22 3d 3d 3d 63 26 26 62 29 73 77 69 74 63 68 28 62 2e 5f 74 61 67 5f 6d 6f 64 65 29 7b 63 61 73 65 20 22 43 4f 44 45 22 3a 64 3d 22 63 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 41 55 54 4f 22 3a 64 3d 22 Data Ascii: e[f]!=d[f])return Number(e[f])>Number(d[f])}return e.length>=d.length};var Ah=function(a){var b=a?nf(a):B.enhanced_conversion_data,c=(a||{}).enhanced_conversions_mode,d=void 0;if("manual"===c&&b)switch(b._tag_mode){case "CODE":d="c";break;case "AUTO":d="
2022-03-03 07:35:31 UTC 676 IN Data Raw: 2f 29 2c 49 68 3d 7b 63 6c 3a 5b 22 65 63 6c 22 5d 2c 63 75 73 74 6f 6d 50 69 78 65 6c 73 3a 5b 22 6e 6f 6e 47 6f 6f 67 6c 65 50 69 78 65 6c 73 22 5d 2c 65 63 6c 3a 5b 22 63 6c 22 5d 2c 65 68 6c 3a 5b 22 68 6c 22 5d 2c 68 6c 3a 5b 22 65 68 6c 22 5d 2c 68 74 6d 6c 3a 5b 22 63 75 73 74 6f 6d 53 63 72 69 70 74 73 22 2c 22 63 75 73 74 6f 6d 50 69 78 65 6c 73 22 2c 22 6e 6f 6e 47 6f 6f 67 6c 65 50 69 78 65 6c 73 22 2c 22 6e 6f 6e 47 6f 6f 67 6c 65 53 63 72 69 70 74 73 22 2c 22 6e 6f 6e 47 6f 6f 67 6c 65 49 66 72 61 6d 65 73 22 5d 2c 63 75 73 74 6f 6d 53 63 72 69 70 74 73 3a 5b 22 68 74 6d 6c 22 2c 22 63 75 73 74 6f 6d 50 69 78 65 6c 73 22 2c 22 6e 6f 6e 47 6f 6f 67 6c 65 50 69 78 65 6c 73 22 2c 22 6e 6f 6e 47 6f 6f 67 6c 65 53 63 72 69 70 74 73 22 2c 22 6e 6f Data Ascii: /),Ih={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","no
2022-03-03 07:35:31 UTC 677 IN Data Raw: 28 2f 5e 5f 2a 2f 2c 22 22 29 3b 69 66 28 76 6f 69 64 20 30 21 3d 3d 66 5b 6d 5d 29 72 65 74 75 72 6e 20 66 5b 6d 5d 3b 76 61 72 20 6c 3d 70 65 5b 6d 5d 7c 7c 5b 5d 2c 6e 3d 61 28 6d 2c 6c 29 3b 69 66 28 62 29 7b 76 61 72 20 70 3b 0a 69 66 28 70 3d 6e 29 61 3a 7b 69 66 28 30 3e 63 2e 69 6e 64 65 78 4f 66 28 6d 29 29 69 66 28 6c 26 26 30 3c 6c 2e 6c 65 6e 67 74 68 29 66 6f 72 28 76 61 72 20 71 3d 30 3b 71 3c 6c 2e 6c 65 6e 67 74 68 3b 71 2b 2b 29 7b 69 66 28 30 3e 63 2e 69 6e 64 65 78 4f 66 28 6c 5b 71 5d 29 29 7b 58 63 28 31 31 29 3b 70 3d 21 31 3b 62 72 65 61 6b 20 61 7d 7d 65 6c 73 65 7b 70 3d 21 31 3b 62 72 65 61 6b 20 61 7d 70 3d 21 30 7d 6e 3d 70 7d 76 61 72 20 72 3d 21 31 3b 69 66 28 64 29 7b 76 61 72 20 75 3d 30 3c 3d 65 2e 69 6e 64 65 78 4f 66 28 Data Ascii: (/^_*/,"");if(void 0!==f[m])return f[m];var l=pe[m]||[],n=a(m,l);if(b){var p;if(p=n)a:{if(0>c.indexOf(m))if(l&&0<l.length)for(var q=0;q<l.length;q++){if(0>c.indexOf(l[q])){Xc(11);p=!1;break a}}else{p=!1;break a}p=!0}n=p}var r=!1;if(d){var u=0<=e.indexOf(
2022-03-03 07:35:31 UTC 679 IN Data Raw: 3b 63 2b 2b 29 62 5b 63 5d 28 29 3b 61 2e 6d 3d 21 30 3b 61 2e 44 2e 6c 65 6e 67 74 68 3d 30 7d 7d 2c 55 68 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 70 61 28 62 29 26 26 5a 68 28 61 2c 62 29 3b 63 26 26 42 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 59 68 28 61 29 7d 2c 4e 75 6d 62 65 72 28 63 29 29 7d 2c 5a 68 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 0a 62 29 7b 76 61 72 20 63 3d 4a 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 48 28 66 75 6e 63 74 69 6f 6e 28 29 7b 62 28 52 2e 48 2c 61 2e 4a 29 7d 29 7d 29 3b 61 2e 6d 3f 63 28 29 3a 61 2e 44 2e 70 75 73 68 28 63 29 7d 2c 24 68 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 73 2b 2b 3b 72 65 74 75 72 6e 20 4a 61 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: ;c++)b[c]();a.m=!0;a.D.length=0}},Uh=function(a,b,c){pa(b)&&Zh(a,b);c&&B.setTimeout(function(){return Yh(a)},Number(c))},Zh=function(a,b){var c=Ja(function(){return H(function(){b(R.H,a.J)})});a.m?c():a.D.push(c)},$h=function(a){a.s++;return Ja(function(
Timestamp    kBytes transferred    Direction    Data
Copyright Joe Security LLC 2022 Page 79 of 135
2022-03-03 07:35:31 UTC 722 IN Data Raw: 3d 61 2e 61 72 67 31 3b 69 66 28 61 2e 61 6e 79 5f 6f 66 26 26 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 63 29 29 7b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 63 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4d 28 61 2c 7b 7d 29 3b 4d 28 7b 61 72 67 31 3a 63 5b 64 5d 2c 61 6e 79 5f 6f 66 3a 76 6f 69 64 20 30 7d 2c 65 29 3b 69 66 28 54 71 28 65 29 29 72 65 74 75 72 6e 21 30 7d 72 65 74 75 72 6e 21 31 7d 73 77 69 74 63 68 28 61 5b 22 66 75 6e 63 74 69 6f 6e 22 5d 29 7b 63 61 73 65 20 22 5f 63 6e 22 3a 72 65 74 75 72 6e 20 30 3c 3d 53 74 72 69 6e 67 28 62 29 2e 69 6e 64 65 78 4f 66 28 53 74 72 69 6e 67 28 63 29 29 3b 63 61 73 65 20 22 5f 63 73 73 22 3a 76 61 72 20 66 3b 61 3a 7b 69 66 28 62 29 74 72 79 7b 66 6f 72 28 76 61 72 20 67 3d 30 3b 67 3c Data Ascii: =a.arg1;if(a.any_of&&Array.isArray(c)){for(var d=0;d<c.length;d++){var e=M(a,{});M({arg1:c[d],any_of:void 0},e);if(Tq(e))return!0}return!1}switch(a["function"]){case "_cn":return 0<=String(b).indexOf(String(c));case "_css":var f;a:{if(b)try{for(var g=0;g<
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 83 of 135
2022-03-03 07:35:31 UTC 723 IN Data Raw: 3d 30 3b 64 3c 62 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 61 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 62 5b 64 5d 29 26 26 28 61 5b 62 5b 64 5d 5d 3d 63 28 61 5b 62 5b 64 5d 5d 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 79 73 28 29 7b 72 65 74 75 72 6e 20 42 2e 67 61 47 6c 6f 62 61 6c 3d 42 2e 67 61 47 6c 6f 62 61 6c 7c 7c 7b 7d 7d 76 61 72 20 7a 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 79 73 28 29 3b 61 2e 68 69 64 3d 61 2e 68 69 64 7c 7c 76 61 28 29 3b 72 65 74 75 72 6e 20 61 2e 68 69 64 7d 2c 41 73 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 79 73 28 29 3b 69 66 28 76 6f 69 64 20 30 3d 3d 63 2e 76 69 64 7c 7c 62 26 26 21 63 2e 66 72 6f 6d 5f 63 6f 6f 6b 69 65 29 63 2e 76 69 64 3d 61 2c 63 2e 66 72 6f 6d 5f 63 6f 6f 6b Data Ascii: =0;d<b.length;d++)a.hasOwnProperty(b[d])&&(a[b[d]]=c(a[b[d]]))};function ys(){return B.gaGlobal=B.gaGlobal||{}}var zs=function(){var a=ys();a.hid=a.hid||va();return a.hid},As=function(a,b){var c=ys();if(void 0==c.vid||b&&!c.from_cookie)c.vid=a,c.from_cook
2022-03-03 07:35:31 UTC 724 IN Data Raw: 61 73 75 72 65 6d 65 6e 74 49 64 29 3b 69 66 28 6b 28 62 29 26 26 30 3d 3d 3d 62 2e 69 6e 64 65 78 4f 66 28 22 47 2d 22 29 29 7b 76 61 72 20 63 3d 62 72 28 61 2e 76 74 70 5f 66 69 65 6c 64 73 54 6f 53 65 74 2c 22 6e 61 6d 65 22 2c 22 76 61 6c 75 65 22 29 7c 7c 7b 7d 3b 69 66 28 63 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 51 2e 45 61 29 7c 7c 61 2e 76 74 70 5f 75 73 65 72 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 63 5b 51 2e 45 61 5d 7c 7c 7b 7d 3b 4d 28 62 72 28 61 2e 76 74 70 5f 75 73 65 72 50 72 6f 70 65 72 74 69 65 73 2c 22 6e 61 6d 65 22 2c 22 76 61 6c 75 65 22 29 2c 64 29 3b 63 5b 51 2e 45 61 5d 3d 64 7d 61 2e 76 74 70 5f 65 6e 61 62 6c 65 53 65 6e 64 54 6f 53 65 72 76 65 72 43 6f 6e 74 61 69 6e 65 72 26 26 61 2e 76 74 70 5f 73 65 Data Ascii: asurementId);if(k(b)&&0===b.indexOf("G-")){var c=br(a.vtp_fieldsToSet,"name","value")||{};if(c.hasOwnProperty(Q.Ea)||a.vtp_userProperties){var d=c[Q.Ea]||{};M(br(a.vtp_userProperties,"name","value"),d);c[Q.Ea]=d}a.vtp_enableSendToServerContainer&&a.vtp_se
2022-03-03 07:35:31 UTC 726 IN Data Raw: 2e 65 76 65 6e 74 4d 6f 64 65 6c 29 7c 7c 28 71 3d 64 2e 76 74 70 5f 67 74 6d 43 61 63 68 65 64 56 61 6c 75 65 73 2e 65 63 6f 6d 6d 65 72 63 65 29 3a 71 3d 64 2e 76 74 70 5f 65 63 6f 6d 6d 65 72 63 65 4d 61 63 72 6f 44 61 74 61 3b 69 66 28 42 62 28 71 29 29 7b 63 2e 70 75 73 68 28 35 29 3b 66 6f 72 28 76 61 72 20 72 20 69 6e 20 71 29 71 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 72 29 26 26 28 22 63 75 72 72 65 6e 63 79 43 6f 64 65 22 3d 3d 3d 72 3f 6e 28 22 63 75 72 72 65 6e 63 79 22 2c 71 2e 63 75 72 72 65 6e 63 79 43 6f 64 65 29 3a 22 69 6d 70 72 65 73 73 69 6f 6e 73 22 3d 3d 3d 72 26 26 65 3d 3d 3d 51 2e 6f 62 3f 70 28 71 2e 69 6d 70 72 65 73 73 69 6f 6e 73 2c 6e 75 6c 6c 29 3a 22 70 72 6f 6d 6f 43 6c 69 63 6b 22 3d 3d 3d 72 26 26 65 3d 3d 3d 51 Data Ascii: .eventModel)||(q=d.vtp_gtmCachedValues.ecommerce):q=d.vtp_ecommerceMacroData;if(Bb(q)){c.push(5);for(var r in q)q.hasOwnProperty(r)&&("currencyCode"===r?n("currency",q.currencyCode):"impressions"===r&&e===Q.ob?p(q.impressions,null):"promoClick"===r&&e===Q
2022-03-03 07:35:31 UTC 727 IN Data Raw: 0a 0a 0a 5a 2e 67 2e 73 64 6c 3d 5b 22 67 6f 6f 67 6c 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 72 65 74 75 72 6e 21 21 28 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6c 28 22 68 6f 72 69 7a 2e 70 69 78 22 29 29 2e 6c 65 6e 67 74 68 7c 7c 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6c 28 22 68 6f 72 69 7a 2e 70 63 74 22 29 29 2e 6c 65 6e 67 74 68 7c 7c 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6c 28 22 76 65 72 74 2e 70 69 78 22 29 29 2e 6c 65 6e 67 74 68 7c 7c 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6c 28 22 76 65 72 74 2e 70 63 74 22 29 29 2e 6c 65 6e 67 74 68 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 77 29 7b 66 6f 72 28 76 61 72 20 41 3d 5b 5d 2c 79 3d 77 2e 73 70 6c 69 74 28 22 2c 22 29 2c 43 3d 30 3b 43 3c 79 2e 6c 65 6e 67 74 68 3b 43 Data Ascii: Z.g.sdl=["google"],function(){function a(){return!!(Object.keys(l("horiz.pix")).length||Object.keys(l("horiz.pct")).length||Object.keys(l("vert.pix")).length||Object.keys(l("vert.pct")).length)}function b(w){for(var A=[],y=w.split(","),C=0;C<y.length;C
2022-03-03 07:35:31 UTC 728 IN Data Raw: 2c 45 29 2c 71 62 28 75 2c 22 72 65 73 69 7a 65 22 2c 45 29 2c 48 70 28 22 73 64 6c 22 2c 22 69 6e 69 74 22 2c 21 31 29 29 29 3b 43 3d 21 31 7d 2c 45 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 41 26 26 78 28 29 3b 79 3f 43 3d 21 30 3a 28 79 3d 64 71 28 44 2c 77 29 2c 48 70 28 22 73 64 6c 22 2c 22 70 65 6e 64 69 6e 67 22 2c 21 30 29 29 7d 3b 72 65 74 75 72 6e 20 45 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 77 2c 41 2c 79 29 7b 69 66 28 41 29 7b 76 61 72 20 43 3d 62 28 53 74 72 69 6e 67 28 77 29 29 3b 49 70 28 22 73 64 6c 22 2c 79 2c 66 75 6e 63 74 69 6f 6e 28 44 29 7b 66 6f 72 28 76 61 72 20 45 3d 30 3b 45 3c 43 2e 6c 65 6e 67 74 68 3b 45 2b 2b 29 7b 76 61 72 20 46 3d 0a 53 74 72 69 6e 67 28 43 5b 45 5d 29 3b 44 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 46 29 7c Data Ascii: ,E),qb(u,"resize",E),Hp("sdl","init",!1)));C=!1},E=function(){A&&x();y?C=!0:(y=dq(D,w),Hp("sdl","pending",!0))};return E}function m(w,A,y){if(A){var C=b(String(w));Ip("sdl",y,function(D){for(var E=0;E<C.length;E++){var F=String(C[E]);D.hasOwnProperty(F)|
2022-03-03 07:35:31 UTC 730 IN Data Raw: 5f 5f 65 2e 70 72 69 6f 72 69 74 79 4f 76 65 72 72 69 64 65 3d 30 7d 29 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 53 74 72 69 6e 67 28 61 2e 76 74 70 5f 67 74 6d 43 61 63 68 65 64 56 61 6c 75 65 73 2e 65 76 65 6e 74 29 7d 29 7d 28 29 3b 5a 2e 67 2e 66 3d 5b 22 67 6f 6f 67 6c 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5a 2e 5f 5f 66 3d 61 3b 5a 2e 5f 5f 66 2e 68 3d 22 66 22 3b 5a 2e 5f 5f 66 2e 69 73 56 65 6e 64 6f 72 54 65 6d 70 6c 61 74 65 3d 21 30 3b 5a 2e 5f 5f 66 2e 70 72 69 6f 72 69 74 79 4f 76 65 72 72 69 64 65 3d 30 7d 29 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 69 71 28 22 67 74 6d 2e 72 65 66 65 72 72 65 72 22 2c 31 29 7c 7c 47 2e 72 65 66 65 72 72 65 72 3b 72 65 74 75 72 Data Ascii: __e.priorityOverride=0})(function(a){return String(a.vtp_gtmCachedValues.event)})}();Z.g.f=["google"],function(){(function(a){Z.__f=a;Z.__f.h="f";Z.__f.isVendorTemplate=!0;Z.__f.priorityOverride=0})(function(a){var b=iq("gtm.referrer",1)||G.referrer;retur
2022-03-03 07:35:31 UTC 731 IN Data Raw: 76 2e 70 72 69 6f 72 69 74 79 4f 76 65 72 72 69 64 65 3d 30 7d 29 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 76 74 70 5f 6e 61 6d 65 3b 69 66 28 21 62 7c 7c 21 62 2e 72 65 70 6c 61 63 65 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 63 3d 69 71 28 62 2e 72 65 70 6c 61 63 65 28 2f 5c 5c 5c 2e 2f 67 2c 22 2e 22 29 2c 61 2e 76 74 70 5f 64 61 74 61 4c 61 79 65 72 56 65 72 73 69 6f 6e 7c 7c 31 29 2c 64 3d 76 6f 69 64 20 30 21 3d 3d 63 3f 63 3a 61 2e 76 74 70 5f 64 65 66 61 75 6c 74 56 61 6c 75 65 3b 71 71 28 64 2c 22 76 22 2c 61 2e 76 74 70 5f 67 74 6d 45 76 65 6e 74 49 64 29 3b 72 65 74 75 72 6e 20 64 7d 29 7d 28 29 3b 0a 0a 0a 5a 2e 67 2e 67 63 6c 69 64 77 3d 5b 22 67 6f 6f 67 6c 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d Data Ascii: v.priorityOverride=0})(function(a){var b=a.vtp_name;if(!b||!b.replace)return!1;var c=iq(b.replace(/\\\./g,"."),a.vtp_dataLayerVersion||1),d=void 0!==c?c:a.vtp_defaultValue;qq(d,"v",a.vtp_gtmEventId);return d})}();Z.g.gclidw=["google"],function(){var a=
2022-03-03 07:35:31 UTC 732 IN Data Raw: 28 29 29 7d 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 66 28 29 3b 63 3d 21 31 7d 7d 2c 6d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 66 28 29 3b 0a 64 3d 7b 70 75 73 68 3a 65 7d 3b 7d 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 5a 2e 5f 5f 61 77 63 74 3d 6c 3b 5a 2e 5f 5f 61 77 63 74 2e 68 3d 22 61 77 63 74 22 3b 5a 2e 5f 5f 61 77 63 74 2e 69 73 56 65 6e 64 6f 72 54 65 6d 70 6c 61 74 65 3d 21 30 3b 5a 2e 5f 5f 61 77 0d 0a Data Ascii: ())},g=function(){return function(){f();c=!1}},m=function(){return function(){f();d={push:e};}};(function(l){Z.__awct=l;Z.__awct.h="awct";Z.__awct.isVendorTemplate=!0;Z.__aw
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 84 of 135
2022-03-03 07:35:31 UTC 732 IN Data Raw: 32 32 66 64 0d 0a 63 74 2e 70 72 69 6f 72 69 74 79 4f 76 65 72 72 69 64 65 3d 30 7d 29 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 58 29 7b 49 2e 67 6f 6f 67 6c 65 5f 67 74 6d 5f 65 78 70 65 72 69 6d 65 6e 74 73 3d 49 2e 67 6f 6f 67 6c 65 5f 67 74 6d 5f 65 78 70 65 72 69 6d 65 6e 74 73 7c 7c 7b 7d 3b 49 2e 67 6f 6f 67 6c 65 5f 67 74 6d 5f 65 78 70 65 72 69 6d 65 6e 74 73 5b 58 5d 3d 21 30 7d 66 75 6e 63 74 69 6f 6e 20 70 28 58 2c 69 61 2c 7a 61 29 7b 72 65 74 75 72 6e 22 44 41 54 41 5f 4c 41 59 45 52 22 3d 3d 3d 58 3f 69 71 28 7a 61 29 3a 6c 5b 69 61 5d 7d 66 75 6e 63 74 69 6f 6e 20 71 28 29 7b 50 28 22 67 64 70 72 5f 63 6f 6e 73 65 6e 74 22 2c 46 6b 28 29 29 3b 50 28 22 67 64 70 72 22 2c 47 6b 28 29 29 7d 66 75 6e 63 74 69 6f Data Ascii: 22fdct.priorityOverride=0})(function(l){function n(X){I.google_gtm_experiments=I.google_gtm_experiments||{};I.google_gtm_experiments[X]=!0}function p(X,ia,za){return"DATA_LAYER"===X?iq(za):l[ia]}function q(){P("gdpr_consent",Fk());P("gdpr",Gk())}functio
2022-03-03 07:35:31 UTC 734 IN Data Raw: 76 65 72 73 69 6f 6e 73 7c 7c 21 21 6c 2e 76 74 70 5f 65 6e 61 62 6c 65 45 6e 68 61 6e 63 65 64 43 6f 6e 76 65 72 73 69 6f 6e 2c 78 3d 62 72 28 6c 2e 76 74 70 5f 63 75 73 74 6f 6d 56 61 72 69 61 62 6c 65 73 2c 22 76 61 72 4e 61 6d 65 22 2c 22 76 61 6c 75 65 22 29 7c 7c 7b 7d 3b 69 66 28 61 29 7b 76 61 72 20 77 3d 66 75 6e 63 74 69 6f 6e 28 58 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 69 61 2c 7a 61 2c 44 61 29 7b 79 5b 69 61 5d 3d 70 28 58 2c 7a 61 2c 44 61 29 7d 7d 2c 41 3d 7b 7d 2c 79 3d 28 41 5b 51 2e 6a 61 5d 3d 6c 2e 76 74 70 5f 63 6f 6e 76 65 72 73 69 6f 6e 56 61 6c 75 65 7c 7c 30 2c 41 5b 51 2e 63 61 5d 3d 6c 2e 76 74 70 5f 63 75 72 72 65 6e 63 79 43 6f 64 65 2c 41 5b 51 2e 68 62 5d 3d 6c 2e 76 74 70 5f 6f 72 64 65 72 49 64 2c 41 5b 51 Data Ascii: versions||!!l.vtp_enableEnhancedConversion,x=br(l.vtp_customVariables,"varName","value")||{};if(a){var w=function(X){return function(ia,za,Da){y[ia]=p(X,za,Da)}},A={},y=(A[Q.ja]=l.vtp_conversionValue||0,A[Q.ca]=l.vtp_currencyCode,A[Q.hb]=l.vtp_orderId,A[Q
2022-03-03 07:35:31 UTC 735 IN Data Raw: 6c 2c 51 2e 6f 61 2c 44 61 74 65 2e 6e 6f 77 28 29 2c 4a 29 3b 7d 65 6c 73 65 7b 61 69 28 29 3b 76 61 72 20 49 3d 7b 67 6f 6f 67 6c 65 5f 62 61 73 6b 65 74 5f 74 72 61 6e 73 61 63 74 69 6f 6e 5f 74 79 70 65 3a 22 70 75 72 63 68 61 73 65 22 2c 67 6f 6f 67 6c 65 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 64 6f 6d 61 69 6e 3a 22 22 2c 67 6f 6f 67 6c 65 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 69 64 3a 6c 2e 76 74 70 5f 63 6f 6e 76 65 72 73 69 6f 6e 49 64 2c 67 6f 6f 67 6c 65 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 6c 61 62 65 6c 3a 6c 2e 76 74 70 5f 63 6f 6e 76 65 72 73 69 6f 6e 4c 61 62 65 6c 2c 67 6f 6f 67 6c 65 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 76 61 6c 75 65 3a 6c 2e 76 74 70 5f 63 6f 6e 76 65 72 73 69 6f 6e 56 61 6c 75 65 7c 7c 30 2c 67 6f 6f 67 6c 65 5f 72 65 6d 61 Data Ascii: l,Q.oa,Date.now(),J);}else{ai();var I={google_basket_transaction_type:"purchase",google_conversion_domain:"",google_conversion_id:l.vtp_conversionId,google_conversion_label:l.vtp_conversionLabel,google_conversion_value:l.vtp_conversionValue||0,google_rema
2022-03-03 07:35:31 UTC 736 IN Data Raw: 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 58 29 7b 72 65 74 75 72 6e 7b 76 61 6c 75 65 3a 58 2e 70 72 69 63 65 2c 71 75 61 6e 74 69 74 79 3a 58 2e 71 75 61 6e 74 69 74 79 2c 69 74 65 6d 5f 69 64 3a 58 2e 69 64 7d 7d 29 29 29 3b 76 61 72 20 57 3d 66 75 6e 63 74 69 6f 6e 28 58 2c 69 61 29 7b 28 49 2e 67 6f 6f 67 6c 65 5f 61 64 64 69 74 69 6f 6e 61 6c 5f 70 61 72 61 6d 73 3d 49 2e 67 6f 6f 67 6c 65 5f 61 64 64 69 74 69 6f 6e 61 6c 5f 70 61 72 61 6d 73 7c 7c 7b 7d 29 5b 58 5d 3d 69 61 7d 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 58 2c 69 61 29 7b 76 6f 69 64 20 30 21 3d 3d 69 61 26 26 28 28 49 2e 67 6f 6f 67 6c 65 5f 61 64 64 69 74 69 6f 6e 61 6c 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 70 61 72 61 6d 73 3d 49 2e 67 6f 6f 67 6c 65 5f 61 64 64 69 74 69 6f 6e 61 6c 5f 63 Data Ascii: .map(function(X){return{value:X.price,quantity:X.quantity,item_id:X.id}})));var W=function(X,ia){(I.google_additional_params=I.google_additional_params||{})[X]=ia},P=function(X,ia){void 0!==ia&&((I.google_additional_conversion_params=I.google_additional_c
2022-03-03 07:35:31 UTC 737 IN Data Raw: 6e 43 6f 6f 6b 69 65 50 72 65 66 69 78 29 2c 49 2e 67 6f 6f 67 6c 65 5f 72 65 61 64 5f 67 63 6c 5f 63 6f 6f 6b 69 65 5f 6f 70 74 5f 6f 75 74 3d 21 31 29 3a 49 2e 67 6f 6f 67 6c 65 5f 72 65 61 64 5f 67 63 6c 5f 63 6f 6f 6b 69 65 5f 6f 70 74 5f 6f 75 74 3d 21 30 3b 22 31 22 3d 3d 3d 44 67 28 21 31 29 2e 5f 75 70 26 26 50 28 22 67 74 6d 5f 75 70 22 2c 22 31 22 29 3b 71 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 58 3d 21 31 3b 21 6b 64 28 29 7c 7c 58 3f 74 28 21 30 29 3a 43 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 71 28 29 3b 76 61 72 20 69 61 3d 79 64 28 51 2e 43 29 2c 7a 61 3d 76 6f 69 64 20 30 21 3d 69 71 28 51 2e 55 29 26 26 21 31 21 3d 3d 69 71 28 51 2e 55 29 2c 44 61 3d 21 31 3b 0a 44 61 3d Data Ascii: nCookiePrefix),I.google_read_gcl_cookie_opt_out=!1):I.google_read_gcl_cookie_opt_out=!0;"1"===Dg(!1)._up&&P("gtm_up","1");q();(function(){})();(function(){var X=!1;!kd()||X?t(!0):Cd(function(){q();var ia=yd(Q.C),za=void 0!=iq(Q.U)&&!1!==iq(Q.U),Da=!1;Da=
2022-03-03 07:35:31 UTC 739 IN Data Raw: 79 29 7b 76 61 72 20 65 3d 0a 64 2e 76 74 70 5f 67 74 6d 4f 6e 46 61 69 6c 75 72 65 2c 66 3d 72 71 28 64 2e 76 74 70 5f 68 74 6d 6c 2c 64 2e 76 74 70 5f 67 74 6d 4f 6e 53 75 63 63 65 73 73 2c 65 29 2c 67 3d 66 2e 54 69 2c 6d 3d 66 2e 6f 6e 53 75 63 63 65 73 73 3b 69 66 28 64 2e 76 74 70 5f 75 73 65 49 66 72 61 6d 65 29 7b 7d 65 6c 73 65 20 64 2e 76 74 70 5f 73 75 70 70 6f 72 74 44 6f 63 75 6d 65 6e 74 57 72 69 74 65 3f 62 28 67 2c 6d 2c 65 29 3a 61 28 47 2e 62 6f 64 79 2c 74 62 28 67 29 2c 6d 2c 65 29 28 29 7d 65 6c 73 65 20 64 71 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 28 64 29 7d 2c 0a 32 30 30 29 7d 3b 5a 2e 5f 5f 68 74 6d 6c 3d 63 3b 5a 2e 5f 5f 68 74 6d 6c 2e 68 3d 22 68 74 6d 6c 22 3b 5a 2e 5f 5f 68 74 6d 6c 2e 69 73 56 65 6e 64 6f 72 54 65 6d 70 6c Data Ascii: y){var e=d.vtp_gtmOnFailure,f=rq(d.vtp_html,d.vtp_gtmOnSuccess,e),g=f.Ti,m=f.onSuccess;if(d.vtp_useIframe){}else d.vtp_supportDocumentWrite?b(g,m,e):a(G.body,tb(g),m,e)()}else dq(function(){c(d)},200)};Z.__html=c;Z.__html.h="html";Z.__html.isVendorTempl
2022-03-03 07:35:31 UTC 740 IN Data Raw: 73 69 73 74 61 6e 74 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 3d 3d 3d 51 65 28 6c 2c 22 68 6f 73 74 22 29 26 26 28 67 3d 33 29 7d 69 66 28 21 67 29 7b 76 61 72 20 6e 3d 78 66 28 22 5f 5f 54 41 47 5f 41 53 53 49 53 54 41 4e 54 22 29 3b 6e 2e 6c 65 6e 67 74 68 26 26 6e 5b 30 5d 2e 6c 65 6e 67 74 68 26 26 28 67 3d 34 29 7d 69 66 28 21 67 29 7b 76 61 72 20 70 3d 47 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 74 61 67 2d 61 73 73 69 73 74 61 6e 74 2d 70 72 65 73 65 6e 74 22 29 3b 41 70 28 70 29 26 26 28 67 3d 35 29 7d 67 26 26 64 62 3f 66 28 67 29 3a 61 28 29 7d 29 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 21 31 3b 0a 61 26 26 62 69 28 22 49 4e 49 54 22 29 3b 24 63 28 29 2e 6f 28 29 3b 45 Data Ascii: sistant.google.com"===Qe(l,"host")&&(g=3)}if(!g){var n=xf("__TAG_ASSISTANT");n.length&&n[0].length&&(g=4)}if(!g){var p=G.documentElement.getAttribute("data-tag-assistant-present");Ap(p)&&(g=5)}g&&db?f(g):a()})(function(){var a=!1;a&&bi("INIT");$c().o();E
TimestampkBytestransferred
Direction Data
Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
17 192.168.2.3 49783 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  kBytes transferred  Direction  Data
2022-03-03 07:35:31 UTC 741 OUT
    GET /include/startpoolcards.css?v=63 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:31 UTC 796 IN
    HTTP/1.1 200 OK
    Content-Type: text/css
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Wed, 22 Jan 2020 20:20:52 GMT
    Accept-Ranges: bytes
    ETag: "a725667161d1d51:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:29 GMT
    Connection: close
    Content-Length: 472
Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
18 192.168.2.3 49781 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  kBytes transferred  Direction  Data
2022-03-03 07:35:31 UTC 742 OUT
    GET /include/joinpool.js?v=24 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:31 UTC 809 IN
    HTTP/1.1 200 OK
    Content-Type: application/x-javascript
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Tue, 14 Jul 2020 21:19:52 GMT
    Accept-Ranges: bytes
    ETag: "7ae17283245ad61:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:29 GMT
    Connection: close
    Content-Length: 26217
Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
19 192.168.2.3 49782 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  kBytes transferred  Direction  Data
2022-03-03 07:35:31 UTC 742 OUT
    GET /include/cardScript.js?v=24 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:31 UTC 797 IN
    HTTP/1.1 200 OK
    Content-Type: application/x-javascript
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Sat, 07 Mar 2020 17:29:28 GMT
    Accept-Ranges: bytes
    ETag: "34148ef4a5f4d51:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:29 GMT
    Connection: close
    Content-Length: 4508
Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
2 192.168.2.3 49753 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  kBytes transferred  Direction  Data
2022-03-03 07:35:28 UTC 4 OUT
    GET /pools.cfm?poolid=24147&p=2&pwd=bracket2022 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:28 UTC 5 IN
    HTTP/1.1 200 OK
    Content-Type: text/html;charset=UTF-8
    Server: Microsoft-IIS/7.5
    Set-Cookie: CFID=101312864; Expires=Sat, 24-Feb-2052 07:36:26 GMT; Path=/; HttpOnly
    Set-Cookie: CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; Expires=Sat, 24-Feb-2052 07:36:26 GMT; Path=/; HttpOnly
    Set-Cookie: JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; Path=/; Secure; HttpOnly
    Set-Cookie: MESSAGEMODE=chrono; Expires=Tue, 30-Aug-2022 07:36:26 GMT; Path=/
    Date: Thu, 03 Mar 2022 07:36:26 GMT
    Connection: close
    Content-Length: 37223
Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
20 192.168.2.3 49785 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  kBytes transferred  Direction  Data
2022-03-03 07:35:31 UTC 743 OUT
    GET /themes/theme-0-1/ofpLogo.svg HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:31 UTC 801 IN
    HTTP/1.1 200 OK
    Content-Type: image/svg+xml
    Expires: Sat, 15 Feb 2025 00:00:00 GMT
    Last-Modified: Tue, 22 Sep 2020 22:18:03 GMT
    Accept-Ranges: bytes
    ETag: "8cbf203d2e91d61:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:29 GMT
    Connection: close
    Content-Length: 1855
Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
21          192.168.2.3  49784        208.42.248.224  443               C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                kBytes transferred  Direction  Data
2022-03-03 07:35:31 UTC  744                 OUT
    GET /themes/theme-0-1/ofpLogoText.svg?v=3 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:31 UTC  803                 IN
    HTTP/1.1 200 OK
    Content-Type: image/svg+xml
    Expires: Sat, 15 Feb 2025 00:00:00 GMT
    Last-Modified: Tue, 22 Sep 2020 22:18:03 GMT
    Accept-Ranges: bytes
    ETag: "8cbf203d2e91d61:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:29 GMT
    Connection: close
    Content-Length: 5670
Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
22          192.168.2.3  49788        142.250.185.110  443               C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                kBytes transferred  Direction  Data
2022-03-03 07:35:31 UTC  744                 OUT
    GET /analytics.js HTTP/1.1
    Host: www.google-analytics.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:31 UTC  746                 IN
    HTTP/1.1 200 OK
    Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Vary: Accept-Encoding
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Date: Thu, 03 Mar 2022 07:34:53 GMT
    Expires: Thu, 03 Mar 2022 09:34:53 GMT
    Cache-Control: public, max-age=7200
    Age: 38
    Last-Modified: Tue, 02 Nov 2021 17:39:06 GMT
    Content-Type: text/javascript
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    Accept-Ranges: none
    Connection: close
    Transfer-Encoding: chunked
2022-03-03 07:35:31 UTC 780 IN Data Raw: 5b 31 5d 3b 64 3d 64 5b 30 5d 3b 66 6f 72 28 76 61 72 20 67 3d 62 2e 63 68 69 6c 64 4e 6f 64 65 73 7c 7c 5b 5d 2c 63 61 3d 21 31 2c 6c 3d 30 3b 6c 3c 67 2e 6c 65 6e 67 74 68 3b 6c 2b 2b 29 69 66 28 67 5b 6c 5d 2e 6e 61 6d 65 3d 3d 64 29 7b 67 5b 6c 5d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 76 61 6c 75 65 22 2c 65 29 3b 63 61 3d 21 30 3b 62 72 65 61 6b 7d 63 61 7c 7c 28 67 3d 4d 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 2c 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 64 29 2c 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 76 61 6c 75 65 22 2c 65 29 2c 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 67 29 29 7d 7d Data Ascii: [1];d=d[0];for(var g=b.childNodes||[],ca=!1,l=0;l<g.length;l++)if(g[l].name==d){g[l].setAttribute("value",e);ca=!0;break}ca||(g=M.createElement("input"),g.setAttribute("type","hidden"),g.setAttribute("name",d),g.setAttribute("value",e),b.appendChild(g))}}
2022-03-03 07:35:31 UTC 781 IN Data Raw: 63 74 69 6f 6e 20 6b 65 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 62 21 3d 49 63 28 61 2c 30 29 26 26 62 21 3d 49 63 28 61 2c 2d 31 29 26 26 62 21 3d 49 63 28 61 2c 2d 32 29 26 26 62 21 3d 70 61 28 61 2c 30 29 26 26 62 21 3d 70 61 28 61 2c 2d 31 29 26 26 62 21 3d 70 61 28 61 2c 2d 32 29 7d 66 75 6e 63 74 69 6f 6e 20 24 65 28 61 29 7b 76 61 72 20 62 3d 61 66 28 61 29 2c 63 3d 7b 7d 3b 63 2e 5f 67 61 3d 61 2e 67 65 74 28 51 29 3b 63 2e 5f 67 69 64 3d 61 2e 67 65 74 28 49 29 7c 7c 76 6f 69 64 20 30 3b 63 2e 5f 67 61 63 3d 62 3f 5b 62 2e 71 61 2c 62 2e 74 69 6d 65 73 74 61 6d 70 5d 2e 6a 6f 69 6e 28 22 2e 22 29 3a 76 6f 69 64 20 30 3b 62 3d 61 2e 67 65 74 28 41 65 29 3b 61 3d 45 64 28 61 29 3b 72 65 74 75 72 6e 20 63 2e 5f 66 70 6c 63 3d 62 26 26 22 30 22 21 3d Data Ascii: ction ke(a,b){return b!=Ic(a,0)&&b!=Ic(a,-1)&&b!=Ic(a,-2)&&b!=pa(a,0)&&b!=pa(a,-1)&&b!=pa(a,-2)}function $e(a){var b=af(a),c={};c._ga=a.get(Q);c._gid=a.get(I)||void 0;c._gac=b?[b.qa,b.timestamp].join("."):void 0;b=a.get(Ae);a=Ed(a);return c._fplc=b&&"0"!=
2022-03-03 07:35:31 UTC 783 IN Data Raw: 31 3d 3d 3d 65 3f 28 67 2e 69 61 3d 21 21 61 2e 67 65 74 28 22 61 6e 6f 6e 79 6d 69 7a 65 49 70 22 29 2c 67 2e 73 79 6e 63 3d 64 2c 62 3d 53 74 72 69 6e 67 28 61 2e 67 65 74 28 22 6e 61 6d 65 22 29 29 2c 22 74 30 22 21 3d 62 26 26 28 67 2e 74 61 72 67 65 74 3d 62 29 2c 47 28 53 74 72 69 6e 67 28 61 2e 67 65 74 28 22 74 72 61 63 6b 69 6e 67 49 64 22 29 29 29 7c 7c 28 67 2e 63 6c 69 65 6e 74 49 64 3d 53 74 72 69 6e 67 28 61 2e 67 65 74 28 51 29 29 2c 67 2e 6b 61 3d 4e 75 6d 62 65 72 28 61 2e 67 65 74 28 6e 29 29 2c 0a 63 3d 63 2e 70 61 6c 69 6e 64 72 6f 6d 65 3f 72 3a 71 2c 63 3d 28 63 3d 4d 2e 63 6f 6f 6b 69 65 2e 72 65 70 6c 61 63 65 28 2f 5e 7c 28 3b 20 2b 29 2f 67 2c 22 3b 22 29 2e 6d 61 74 63 68 28 63 29 29 3f 63 2e 73 6f 72 74 28 29 2e 6a 6f 69 6e 28 Data Ascii: 1===e?(g.ia=!!a.get("anonymizeIp"),g.sync=d,b=String(a.get("name")),"t0"!=b&&(g.target=b),G(String(a.get("trackingId")))||(g.clientId=String(a.get(Q)),g.ka=Number(a.get(n)),c=c.palindrome?r:q,c=(c=M.cookie.replace(/^|(; +)/g,";").match(c))?c.sort().join(
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 93 of 135
2022-03-03 07:35:31 UTC 784 IN Data Raw: 64 29 2c 64 28 69 61 29 2c 64 28 49 29 29 3b 21 31 3d 3d 3d 61 2e 67 65 74 28 78 65 29 26 26 63 2e 73 65 74 28 22 6e 70 61 22 2c 22 31 22 29 3b 63 2e 73 65 74 28 24 61 28 6c 64 29 2e 46 2c 54 64 28 61 29 29 3b 76 61 72 20 65 3d 22 22 3b 63 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 67 2c 63 61 29 7b 65 2b 3d 4b 28 67 29 2b 22 3d 22 3b 65 2b 3d 4b 28 22 22 2b 63 61 29 2b 22 26 22 7d 29 3b 65 2b 3d 22 7a 3d 22 2b 0a 68 64 28 29 3b 31 3d 3d 62 3f 65 3d 22 74 3d 64 63 26 61 69 70 3d 31 26 5f 72 3d 33 26 22 2b 65 3a 32 3d 3d 62 26 26 28 65 3d 22 74 3d 73 72 26 61 69 70 3d 31 26 5f 72 3d 34 26 73 6c 66 5f 72 64 3d 31 26 22 2b 65 29 3b 72 65 74 75 72 6e 20 65 7d 2c 4d 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 4e 65 28 61 29 29 72 65 74 75 72 6e 20 48 5b Data Ascii: d),d(ia),d(I));!1===a.get(xe)&&c.set("npa","1");c.set($a(ld).F,Td(a));var e="";c.map(function(g,ca){e+=K(g)+"=";e+=K(""+ca)+"&"});e+="z="+hd();1==b?e="t=dc&aip=1&_r=3&"+e:2==b&&(e="t=sr&aip=1&_r=4&slf_rd=1&"+e);return e},Me=function(a){if(Ne(a))return H[
2022-03-03 07:35:31 UTC 785 IN Data Raw: 61 5b 46 5d 29 3b 62 28 68 62 2c 31 29 3b 62 28 69 62 2c 22 6a 39 36 22 29 3b 63 28 52 65 2c 50 65 29 3b 63 28 51 62 2c 0a 4d 61 29 3b 63 28 6f 61 2c 75 61 29 3b 63 28 64 64 2c 63 64 29 3b 63 28 52 62 2c 4f 61 29 3b 63 28 6d 64 2c 76 62 29 3b 63 28 53 62 2c 6e 63 29 3b 63 28 55 63 2c 59 63 29 3b 63 28 54 62 2c 4a 61 29 3b 63 28 56 62 2c 54 61 29 3b 63 28 56 63 2c 48 63 29 3b 63 28 7a 64 2c 79 64 29 3b 63 28 4c 64 2c 53 64 29 3b 63 28 7a 65 2c 46 65 29 3b 63 28 57 62 2c 50 61 29 3b 63 28 58 62 2c 53 61 29 3b 63 28 43 64 2c 46 64 28 74 68 69 73 29 29 3b 70 64 28 74 68 69 73 2e 6d 6f 64 65 6c 29 3b 74 64 28 74 68 69 73 2e 6d 6f 64 65 6c 2c 61 5b 51 5d 29 3b 74 68 69 73 2e 6d 6f 64 65 6c 2e 73 65 74 28 6a 62 2c 4c 63 28 29 29 7d 3b 70 63 2e 70 72 6f 74 6f 74 Data Ascii: a[F]);b(hb,1);b(ib,"j96");c(Re,Pe);c(Qb,Ma);c(oa,ua);c(dd,cd);c(Rb,Oa);c(md,vb);c(Sb,nc);c(Uc,Yc);c(Tb,Ja);c(Vb,Ta);c(Vc,Hc);c(zd,yd);c(Ld,Sd);c(ze,Fe);c(Wb,Pa);c(Xb,Sa);c(Cd,Fd(this));pd(this.model);td(this.model,a[Q]);this.model.set(jb,Lc())};pc.protot
2022-03-03 07:35:31 UTC 786 IN Data Raw: 61 29 5d 2c 6c 65 28 63 29 2c 64 26 26 30 21 3d 64 2e 6c 65 6e 67 74 68 26 26 28 63 3d 64 5b 30 5d 2c 61 2e 64 61 74 61 2e 73 65 74 28 66 65 2c 63 2e 74 69 6d 65 73 74 61 6d 70 2f 31 45 33 29 2c 61 2e 64 61 74 61 2e 73 65 74 28 63 65 2c 63 2e 71 61 29 29 29 3b 61 2e 67 65 74 28 6a 65 29 26 26 28 63 3d 61 2e 67 65 74 28 53 65 29 2c 64 3d 7b 7d 2c 65 3d 28 4d 3f 64 66 28 64 2c 22 5f 67 61 63 5f 67 62 22 2c 21 30 29 3a 7b 7d 29 5b 50 28 61 2c 4e 61 29 5d 2c 65 66 28 64 29 2c 65 26 26 30 21 3d 65 2e 6c 65 6e 67 74 68 26 26 28 64 3d 65 5b 30 5d 2c 65 3d 64 2e 71 61 2c 63 26 26 63 21 3d 3d 65 7c 7c 28 64 2e 6c 61 62 65 6c 73 26 26 64 2e 6c 61 62 65 6c 73 2e 6c 65 6e 67 74 68 26 26 28 65 2b 3d 22 2e 22 2b 64 2e 6c 61 62 65 6c 73 2e 6a 6f 69 6e 28 22 2e 22 29 29 Data Ascii: a)],le(c),d&&0!=d.length&&(c=d[0],a.data.set(fe,c.timestamp/1E3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(Se),d={},e=(M?df(d,"_gac_gb",!0):{})[P(a,Na)],ef(d),e&&0!=e.length&&(d=e[0],e=d.qa,c&&c!==e||(d.labels&&d.labels.length&&(e+="."+d.labels.join("."))
2022-03-03 07:35:31 UTC 788 IN Data Raw: 73 74 72 69 6e 67 28 31 29 3b 69 66 28 6b 65 28 65 2b 64 2c 63 29 29 7b 4a 28 35 33 29 3b 62 72 65 61 6b 20 62 7d 65 26 26 28 4a 28 32 29 2c 61 2e 64 61 74 61 2e 73 65 74 28 49 2c 65 29 29 7d 65 6c 73 65 7b 4a 28 32 32 29 3b 62 72 65 61 6b 20 62 7d 4a 28 31 31 29 3b 61 2e 64 61 74 61 2e 73 65 74 28 51 2c 64 29 3b 69 66 28 63 3d 62 65 28 22 5f 67 61 63 22 2c 21 21 61 2e 67 65 74 28 63 63 29 29 29 63 3d 63 2e 73 70 6c 69 74 28 22 2e 22 29 2c 22 31 22 21 3d 63 5b 30 5d 7c 7c 34 21 3d 63 2e 6c 65 6e 67 74 68 3f 4a 28 37 32 29 3a 6b 65 28 63 5b 33 5d 2c 0a 63 5b 31 5d 29 3f 4a 28 37 31 29 3a 28 61 2e 64 61 74 61 2e 73 65 74 28 63 65 2c 63 5b 33 5d 29 2c 61 2e 64 61 74 61 2e 73 65 74 28 66 65 2c 63 5b 32 5d 29 2c 4a 28 37 30 29 29 7d 7d 65 6c 73 65 20 4a 28 32 Data Ascii: string(1);if(ke(e+d,c)){J(53);break b}e&&(J(2),a.data.set(I,e))}else{J(22);break b}J(11);a.data.set(Q,d);if(c=be("_gac",!!a.get(cc)))c=c.split("."),"1"!=c[0]||4!=c.length?J(72):ke(c[3],c[1])?J(71):(a.data.set(ce,c[3]),a.data.set(fe,c[2]),J(70))}}else J(2
2022-03-03 07:35:31 UTC 789 IN Data Raw: 69 65 6e 74 48 65 69 67 68 74 5d 29 3b 63 3d 30 3e 3d 63 61 5b 30 5d 7c 7c 30 3e 3d 63 61 5b 31 5d 3f 22 22 3a 63 61 2e 6a 6f 69 6e 28 22 78 22 29 3b 61 2e 73 65 74 28 72 62 2c 63 29 3b 63 3d 61 2e 73 65 74 3b 76 61 72 20 6b 3b 69 66 28 28 65 3d 28 65 3d 4f 2e 6e 61 76 69 67 61 74 6f 72 29 3f 65 2e 70 6c 75 67 69 6e 73 3a 6e 75 6c 6c 29 26 26 65 2e 6c 65 6e 67 74 68 29 66 6f 72 28 6c 3d 30 3b 6c 3c 65 2e 6c 65 6e 67 74 68 26 26 21 6b 3b 6c 2b 2b 29 63 61 3d 65 5b 6c 5d 2c 2d 31 3c 63 61 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 53 68 6f 63 6b 77 61 76 65 20 46 6c 61 73 68 22 29 26 26 28 6b 3d 63 61 2e 64 65 73 63 72 69 70 74 69 6f 6e 29 3b 69 66 28 21 6b 29 74 72 79 7b 76 61 72 20 77 3d 6e 65 77 20 41 63 74 69 76 65 58 4f 62 6a 65 63 74 28 22 53 68 6f Data Ascii: ientHeight]);c=0>=ca[0]||0>=ca[1]?"":ca.join("x");a.set(rb,c);c=a.set;var k;if((e=(e=O.navigator)?e.plugins:null)&&e.length)for(l=0;l<e.length&&!k;l++)ca=e[l],-1<ca.name.indexOf("Shockwave Flash")&&(k=ca.description);if(!k)try{var w=new ActiveXObject("Sho
2022-03-03 07:35:31 UTC 790 IN Data Raw: 22 67 63 6c 73 72 63 22 29 7c 7c 44 28 62 5b 6b 5d 2c 22 77 62 72 61 69 64 22 29 29 26 26 64 2e 70 75 73 68 28 62 5b 6b 5d 29 3b 30 3c 64 2e 6c 65 6e 67 74 68 26 26 28 62 3d 22 23 22 2b 64 2e 6a 6f 69 6e 28 22 26 22 29 2c 61 2e 73 65 74 28 6b 62 2c 61 2e 67 65 74 28 6b 62 29 2b 62 29 29 7d 7d 2c 0a 6d 65 3d 7b 70 61 67 65 76 69 65 77 3a 5b 6d 62 5d 2c 65 76 65 6e 74 3a 5b 75 62 2c 78 62 2c 79 62 2c 7a 62 5d 2c 73 6f 63 69 61 6c 3a 5b 42 62 2c 43 62 2c 44 62 5d 2c 74 69 6d 69 6e 67 3a 5b 4d 62 2c 4e 62 2c 50 62 2c 4f 62 5d 7d 3b 76 61 72 20 72 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 22 70 72 65 72 65 6e 64 65 72 22 3d 3d 4d 2e 76 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 29 72 65 74 75 72 6e 21 31 3b 61 28 29 3b 72 65 74 75 72 6e 21 30 7d 2c 7a Data Ascii: "gclsrc")||D(b[k],"wbraid"))&&d.push(b[k]);0<d.length&&(b="#"+d.join("&"),a.set(kb,a.get(kb)+b))}},me={pageview:[mb],event:[ub,xb,yb,zb],social:[Bb,Cb,Db],timing:[Mb,Nb,Pb,Ob]};var rc=function(a){if("prerender"==M.visibilityState)return!1;a();return!0},z
2022-03-03 07:35:31 UTC 792 IN Data Raw: 3a 34 35 2c 65 63 6f 6d 6d 65 72 63 65 3a 34 36 2c 6c 69 6e 6b 69 64 3a 34 37 7d 3b 0a 76 61 72 20 75 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 62 3d 3d 4e 7c 7c 62 2e 67 65 74 28 56 29 3b 76 61 72 20 64 3d 59 64 2e 67 65 74 28 61 29 3b 69 66 28 21 65 61 28 64 29 29 72 65 74 75 72 6e 21 31 3b 62 2e 70 6c 75 67 69 6e 73 5f 3d 62 2e 70 6c 75 67 69 6e 73 5f 7c 7c 6e 65 77 20 65 65 3b 69 66 28 62 2e 70 6c 75 67 69 6e 73 5f 2e 67 65 74 28 61 29 29 72 65 74 75 72 6e 21 30 3b 62 2e 70 6c 75 67 69 6e 73 5f 2e 73 65 74 28 61 2c 6e 65 77 20 64 28 62 2c 63 7c 7c 7b 7d 29 29 3b 72 65 74 75 72 6e 21 30 7d 2c 79 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 69 66 28 21 65 61 28 59 64 2e 67 65 74 28 62 29 29 26 26 21 24 64 2e 67 65 74 28 62 29 Data Ascii: :45,ecommerce:46,linkid:47};var u=function(a,b,c){b==N||b.get(V);var d=Yd.get(a);if(!ea(d))return!1;b.plugins_=b.plugins_||new ee;if(b.plugins_.get(a))return!0;b.plugins_.set(a,new d(b,c||{}));return!0},y=function(a,b,c,d,e){if(!ea(Yd.get(b))&&!$d.get(b)
2022-03-03 07:35:31 UTC 793 IN Data Raw: 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 3b 72 65 74 75 72 6e 22 68 74 74 70 73 3a 22 3d 3d 61 7c 7c 61 3d 3d 62 3f 21 30 3a 22 68 74 74 70 3a 22 21 3d 61 3f 21 31 3a 22 68 74 74 70 3a 22 3d 3d 62 7d 2c 6b 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 68 6f 73 74 6e 61 6d 65 7c 7c 22 22 2c 63 3d 30 3c 3d 62 2e 69 6e 64 65 78 4f 66 28 22 5d 22 29 3b 62 3d 62 2e 73 70 6c 69 74 28 63 3f 22 5d 22 3a 22 3a 22 29 5b 30 5d 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 63 26 26 28 62 2b 3d 22 5d 22 29 3b 63 3d 28 61 2e 70 72 6f 74 6f 63 6f 6c 7c 7c 22 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 63 3d 31 2a 61 2e 70 6f 72 74 7c 7c 28 22 68 74 74 70 3a 22 3d 3d 63 3f 38 30 3a 22 68 74 74 70 73 3a 22 3d 3d 63 3f 34 34 33 3a 0a 22 22 29 3b 61 3d Data Ascii: ion.protocol;return"https:"==a||a==b?!0:"http:"!=a?!1:"http:"==b},kf=function(a){var b=a.hostname||"",c=0<=b.indexOf("]");b=b.split(c?"]":":")[0].toLowerCase();c&&(b+="]");c=(a.protocol||"").toLowerCase();c=1*a.port||("http:"==c?80:"https:"==c?443:"");a=
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 94 of 135
2022-03-03 07:35:31 UTC 794 IN Data Raw: 63 61 6c 6c 28 4f 2c 4e 2e 6a 28 22 74 30 22 29 29 3b 65 6c 73 65 7b 76 61 72 20 62 3d 61 2e 64 61 3d 3d 67 62 3f 4e 3a 4e 2e 6a 28 61 2e 64 61 29 3b 69 66 28 61 2e 41 29 7b 69 66 28 22 74 30 22 3d 3d 61 2e 64 61 26 26 28 62 3d 4e 2e 63 72 65 61 74 65 2e 61 70 70 6c 79 28 4e 2c 61 2e 61 61 29 2c 6e 75 6c 6c 3d 3d 3d 62 29 29 72 65 74 75 72 6e 21 30 7d 65 6c 73 65 20 69 66 28 61 2e 62 61 29 4e 2e 72 65 6d 6f 76 65 28 61 2e 64 61 29 3b 65 6c 73 65 20 69 66 28 62 29 69 66 28 61 2e 69 29 7b 69 66 28 61 2e 68 61 26 26 28 61 2e 68 61 3d 79 28 61 2e 64 61 2c 61 2e 61 61 5b 30 5d 2c 61 2e 58 2c 61 2e 57 29 29 2c 21 75 28 61 2e 61 61 5b 30 5d 2c 62 2c 61 2e 57 29 29 72 65 74 75 72 6e 21 30 7d 65 6c 73 65 20 69 66 28 61 2e 4b 29 7b 76 61 72 20 63 3d 61 2e 6d 65 74 Data Ascii: call(O,N.j("t0"));else{var b=a.da==gb?N:N.j(a.da);if(a.A){if("t0"==a.da&&(b=N.create.apply(N,a.aa),null===b))return!0}else if(a.ba)N.remove(a.da);else if(b)if(a.i){if(a.ha&&(a.ha=y(a.da,a.aa[0],a.X,a.W)),!u(a.aa[0],b,a.W))return!0}else if(a.K){var c=a.met
2022-03-03 07:35:31 UTC 795 IN Data Raw: 22 68 74 74 70 73 3a 22 21 3d 4d 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 26 26 21 42 61 29 7b 61 3a 7b 62 3d 4d 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 3b 0a 66 6f 72 28 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 26 26 31 30 30 3e 63 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 2e 73 72 63 3b 69 66 28 64 26 26 30 3d 3d 64 2e 69 6e 64 65 78 4f 66 28 62 64 28 21 30 29 2b 22 2f 61 6e 61 6c 79 74 69 63 73 22 29 29 7b 62 3d 21 30 3b 62 72 65 61 6b 20 61 7d 7d 62 3d 21 31 7d 62 26 26 28 42 61 3d 21 30 29 7d 28 4f 2e 67 61 70 6c 75 67 69 6e 73 3d 4f 2e 67 61 70 6c 75 67 69 6e 73 7c 7c 7b 7d 29 2e 4c 69 6e 6b 65 72 3d 44 63 3b 62 3d 44 63 2e 70 72 6f 74 6f 74 79 70 65 3b 43 28 22 6c 69 6e 6b 65 Data Ascii: "https:"!=M.location.protocol&&!Ba){a:{b=M.getElementsByTagName("script");for(c=0;c<b.length&&100>c;c++){var d=b[c].src;if(d&&0==d.indexOf(bd(!0)+"/analytics")){b=!0;break a}}b=!1}b&&(Ba=!0)}(O.gaplugins=O.gaplugins||{}).Linker=Dc;b=Dc.prototype;C("linke
TimestampkBytestransferred
Direction Data
Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
23  192.168.2.3  49789  142.250.185.110  443  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp  kBytes transferred  Direction  Data
2022-03-03 07:35:31 UTC 745 OUT POST /g/collect?v=2&tid=G-FXBF6BRJ0L&gtm=2oe2s0&_p=2121387655&_z=ccd.B&cid=401028957.1646325331&ul=en-us&sr=1280x1024&_s=1&sid=1646325330&sct=1&seg=0&dl=https%3A%2F%2Fwww.officefootballpool.com%2Fpools.cfm%3Fpoolid%3D24147%26p%3D2%26pwd%3Dbracket2022&dt=Join%20My%20Pool%20named%20%27Pick-The-Bracket%27&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
  Host: www.google-analytics.com
  Connection: keep-alive
  Content-Length: 0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Content-Type: text/plain;charset=UTF-8
  Accept: */*
  Origin: https://www.officefootballpool.com
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:31 UTC 762 IN HTTP/1.1 204 No Content
  Access-Control-Allow-Origin: https://www.officefootballpool.com
  Date: Thu, 03 Mar 2022 07:35:31 GMT
  Pragma: no-cache
  Expires: Fri, 01 Jan 1990 00:00:00 GMT
  Cache-Control: no-cache, no-store, must-revalidate
  Access-Control-Allow-Credentials: true
  Content-Type: text/plain
  Cross-Origin-Resource-Policy: cross-origin
  Server: Golfe2
  Content-Length: 0
  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  Connection: close

Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
24  192.168.2.3  49771  142.250.185.195  443  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp  kBytes transferred  Direction  Data
2022-03-03 07:35:31 UTC 835 OUT GET /s/anton/v22/1Ptgg87LROyAm3Kz-C8.woff2 HTTP/1.1
  Host: fonts.gstatic.com
  Connection: keep-alive
  Origin: https://www.officefootballpool.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: font
  Referer: https://fonts.googleapis.com/css?family=Anton&display=swap
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:31 UTC 836 IN HTTP/1.1 200 OK
  Accept-Ranges: bytes
  Access-Control-Allow-Origin: *
  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
  Cross-Origin-Resource-Policy: cross-origin
  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="apps-themes"
  Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
  Timing-Allow-Origin: *
  Content-Length: 17020
  X-Content-Type-Options: nosniff
  Server: sffe
  X-XSS-Protection: 0
  Date: Wed, 02 Mar 2022 19:51:37 GMT
  Expires: Thu, 02 Mar 2023 19:51:37 GMT
  Cache-Control: public, max-age=31536000
  Age: 42234
  Last-Modified: Wed, 26 Jan 2022 19:18:15 GMT
  Content-Type: font/woff2
  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  Connection: close
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.3 | 49790 | 208.42.248.224 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:32 UTC 853 OUT GET /include/fontawesome-pro/webfonts/fa-brands-400.woff2 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    Origin: https://www.officefootballpool.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: font
    Referer: https://www.officefootballpool.com/include/fontawesome-pro/css/all.css
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono; _gcl_au=1.1.2077800476.1646325330; _ga_FXBF6BRJ0L=GS1.1.1646325330.1.0.1646325330.0; _ga=GA1.2.401028957.1646325331; _gid=GA1.2.1312699344.1646325331; _gat_gtag_UA_217073359_1=1
2022-03-03 07:35:32 UTC 857 IN HTTP/1.1 200 OK
    Content-Type: font/x-woff2
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Tue, 12 Feb 2019 20:25:30 GMT
    Accept-Ranges: bytes
    ETag: "b6f161911c3d41:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:30 GMT
    Connection: close
    Content-Length: 72148
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.3 | 49791 | 208.42.248.224 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:32 UTC 854 OUT GET /include/fontawesome-pro/webfonts/fa-solid-900.woff2 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    Origin: https://www.officefootballpool.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: font
    Referer: https://www.officefootballpool.com/include/fontawesome-pro/css/all.css
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono; _gcl_au=1.1.2077800476.1646325330; _ga_FXBF6BRJ0L=GS1.1.1646325330.1.0.1646325330.0; _ga=GA1.2.401028957.1646325331; _gid=GA1.2.1312699344.1646325331; _gat_gtag_UA_217073359_1=1
2022-03-03 07:35:32 UTC 873 IN HTTP/1.1 200 OK
    Content-Type: font/x-woff2
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Tue, 12 Feb 2019 20:25:33 GMT
    Accept-Ranges: bytes
    ETag: "d6f52c1b11c3d41:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:30 GMT
    Connection: close
    Content-Length: 117516
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.2.3 | 49792 | 208.42.248.224 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:32 UTC 855 OUT POST /setClientMobile-ajax.cfm HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    Content-Length: 22
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Content-Type: application/json
    Origin: https://www.officefootballpool.com
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono; _gcl_au=1.1.2077800476.1646325330; _ga_FXBF6BRJ0L=GS1.1.1646325330.1.0.1646325330.0; _ga=GA1.2.401028957.1646325331; _gid=GA1.2.1312699344.1646325331; _gat_gtag_UA_217073359_1=1
2022-03-03 07:35:32 UTC 856 OUT Data Raw: 7b 22 73 63 72 65 65 6e 57 69 64 74 68 22 3a 22 31 32 38 30 22 7d Data Ascii: {"screenWidth":"1280"}
2022-03-03 07:35:33 UTC 1000 IN HTTP/1.1 200 OK
    Content-Type: application/json;charset=UTF-8
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:30 GMT
    Connection: close
    Content-Length: 26
2022-03-03 07:35:33 UTC 1000 IN Data Raw: 0d 0a 09 7b 22 72 65 74 75 72 6e 43 6f 64 65 22 3a 22 31 32 38 30 22 7d 0d 0a Data Ascii: {"returnCode":"1280"}
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.3 | 49794 | 208.42.248.224 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:32 UTC 856 OUT GET /menubar/mainmenu_0_tp.xml?v=32 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    Accept: application/xml, text/xml, */*; q=0.01
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    X-Requested-With: XMLHttpRequest
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono; _gcl_au=1.1.2077800476.1646325330; _ga_FXBF6BRJ0L=GS1.1.1646325330.1.0.1646325330.0; _ga=GA1.2.401028957.1646325331; _gid=GA1.2.1312699344.1646325331; _gat_gtag_UA_217073359_1=1
2022-03-03 07:35:32 UTC 905 IN HTTP/1.1 200 OK
    Content-Type: text/xml
    Last-Modified: Fri, 26 Feb 2021 20:48:38 GMT
    Accept-Ranges: bytes
    ETag: "182668c280cd71:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:30 GMT
    Connection: close
    Content-Length: 7279
2022-03-03 07:35:32 UTC 906 IN Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 20 3f 3e 0d 0a 3c 6d 65 6e 75 20 69 64 3d 22 30 22 3e 0d 0a 3c 6e 61 6d 65 3e 4d 61 69 6e 20 4d 65 6e 75 3c 2f 6e 61 6d 65 3e 0d 0a 09 3c 6d 65 6e 75 20 69 64 3d 22 31 22 3e 0d 0a 09 09 3c 6e 61 6d 65 3e 50 4f 4f 4c 53 3c 2f 6e 61 6d 65 3e 0d 0a 09 09 3c 74 61 72 67 65 74 3e 73 75 62 3c 2f 74 61 72 67 65 74 3e 0d 0a 09 09 3c 6d 65 6e 75 20 69 64 3d 22 31 31 22 3e 0d 0a 09 09 09 3c 6e 61 6d 65 3e 4d 79 20 50 6f 6f 6c 73 3c 2f 6e 61 6d 65 3e 0d 0a 09 09 09 3c 74 61 72 67 65 74 3e 6d 65 6d 62 65 72 73 2e 63 66 6d 3f 70 3d 31 3c 2f 74 61 72 67 65 74 3e 0d 0a 09 09 3c 2f 6d 65 6e 75 3e 0d 0a 09 09 3c 6d 65 6e 75 20 69 64 3d 22 31 32 22 3e 0d 0a 09 09 09 Data Ascii: <?xml version="1.0" encoding="UTF-8" ?><menu id="0"><name>Main Menu</name><menu id="1"><name>POOLS</name><target>sub</target><menu id="11"><name>My Pools</name><target>members.cfm?p=1</target></menu><menu id="12">
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.3 | 49793 | 208.42.248.224 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:32 UTC 857 OUT GET /images/homepage/startapoolBG_2019.png HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.officefootballpool.com/include/start-a-pool-v2.css?v=63
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono; _gcl_au=1.1.2077800476.1646325330; _ga_FXBF6BRJ0L=GS1.1.1646325330.1.0.1646325330.0; _ga=GA1.2.401028957.1646325331; _gid=GA1.2.1312699344.1646325331; _gat_gtag_UA_217073359_1=1
2022-03-03 07:35:32 UTC 913 IN HTTP/1.1 200 OK
    Content-Type: image/png
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Mon, 24 Jun 2019 21:13:38 GMT
    Accept-Ranges: bytes
    ETag: "218e1cb1d12ad51:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:30 GMT
    Connection: close
    Content-Length: 87451
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49752 | 208.42.248.224 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:28 UTC 21 OUT GET /include/bootstrapofpv3.css HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:29 UTC 123 IN HTTP/1.1 200 OK
    Content-Type: text/css
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Fri, 08 Nov 2019 17:12:06 GMT
    Accept-Ranges: bytes
    ETag: "664e9fa55796d51:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:26 GMT
    Connection: close
    Content-Length: 175419
2022-03-03 07:35:29 UTC 189 IN Data Raw: 6d 20 2b 20 31 72 65 6d 20 2b 20 32 70 78 29 7d 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 3e 2e 63 75 73 74 6f 6d 2d 73 65 6c 65 63 74 2c 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 2c 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 61 70 70 65 6e 64 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 2c 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 62 74 6e 2c 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 Data Ascii: m + 1rem + 2px)}.input-group-lg>.form-control,.input-group-lg>.custom-select,.input-group-lg>.input-group-prepend>.input-group-text,.input-group-lg>.input-group-append>.input-group-text,.input-group-lg>.input-group-prepend>.btn,.input-group-lg>.input-grou
2022-03-03 07:35:29 UTC 208 IN Data Raw: 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 7d 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 73 6d 20 2e 6e 61 76 62 61 72 2d 6e 61 76 20 2e 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 73 6d 20 2e 6e 61 76 62 61 72 2d 6e 61 76 20 2e 6e 61 76 2d 6c 69 6e 6b 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 2e 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 2e 35 72 65 6d 7d 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 73 6d 3e 2e 63 6f 6e 74 61 69 6e 65 72 2c 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 73 6d 3e 2e 63 6f 6e 74 61 69 6e 65 72 2d 66 6c 75 69 64 7b 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 6e 6f 77 72 Data Ascii: rection:row;flex-direction:row}.navbar-expand-sm .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-sm .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-sm>.container,.navbar-expand-sm>.container-fluid{-ms-flex-wrap:nowr
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 103 of 135
2022-03-03 07:35:29 UTC 234 IN Data Raw: 6f 72 3a 69 6e 68 65 72 69 74 7d 2e 61 6c 65 72 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 2e 61 6c 65 72 74 2d 64 69 73 6d 69 73 73 69 62 6c 65 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 34 72 65 6d 7d 2e 61 6c 65 72 74 2d 64 69 73 6d 69 73 73 69 62 6c 65 20 2e 63 6c 6f 73 65 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 3a 2e 37 35 72 65 6d 20 31 2e 32 35 72 65 6d 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 2e 61 6c 65 72 74 2d 70 72 69 6d 61 72 79 7b 63 6f 6c 6f 72 3a 23 30 30 34 30 38 35 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 63 63 65 35 66 66 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 62 38 64 61 66 66 7d 2e 61 6c 65 72 74 2d 70 Data Ascii: or:inherit}.alert-link{font-weight:700}.alert-dismissible{padding-right:4rem}.alert-dismissible .close{position:absolute;top:0;right:0;padding:.75rem 1.25rem;color:inherit}.alert-primary{color:#004085;background-color:#cce5ff;border-color:#b8daff}.alert-p
2022-03-03 07:35:29 UTC 282 IN Data Raw: 23 30 30 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 32 35 72 65 6d 7d 2e 70 6f 70 6f 76 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 7a 2d 69 6e 64 65 78 3a 31 30 36 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 32 37 36 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 22 53 65 67 6f 65 20 55 49 22 2c 52 6f 62 6f 74 6f 2c 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 41 72 69 61 6c 2c 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 73 61 6e 73 2d 73 65 72 69 66 2c 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c Data Ascii: #000;border-radius:.25rem}.popover{position:absolute;top:0;left:0;z-index:1060;display:block;max-width:276px;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji",
2022-03-03 07:35:30 UTC 330 IN Data Raw: 6f 77 72 61 70 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6c 65 78 2d 77 72 61 70 3a 6e 6f 77 72 61 70 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 66 6c 65 78 2d 77 72 61 70 2d 72 65 76 65 72 73 65 7b 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 2d 72 65 76 65 72 73 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 2d 72 65 76 65 72 73 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 66 6c 65 78 2d 66 69 6c 6c 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 31 20 21 69 6d 70 6f 72 74 61 6e 74 3b 2d 6d 73 2d 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 66 6c 65 78 2d 67 72 6f 77 2d 30 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 Data Ascii: owrap !important;flex-wrap:nowrap !important}.flex-wrap-reverse{-ms-flex-wrap:wrap-reverse !important;flex-wrap:wrap-reverse !important}.flex-fill{-webkit-box-flex:1 !important;-ms-flex:1 1 auto !important;flex:1 1 auto !important}.flex-grow-0{-webkit-box
2022-03-03 07:35:30 UTC 404 IN Data Raw: 69 74 65 6d 73 3a 66 6c 65 78 2d 65 6e 64 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 61 6c 69 67 6e 2d 69 74 65 6d 73 2d 78 6c 2d 63 65 6e 74 65 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 20 21 69 6d 70 6f 72 74 61 6e 74 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 20 21 69 6d 70 6f 72 74 61 6e 74 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 61 6c 69 67 6e 2d 69 74 65 6d 73 2d 78 6c 2d 62 61 73 65 6c 69 6e 65 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 61 6c 69 67 6e 2d 69 74 65 Data Ascii: items:flex-end !important}.align-items-xl-center{-webkit-box-align:center !important;-ms-flex-align:center !important;align-items:center !important}.align-items-xl-baseline{-webkit-box-align:baseline !important;-ms-flex-align:baseline !important;align-ite
2022-03-03 07:35:30 UTC 422 IN Data Raw: 65 66 74 3a 2e 32 35 72 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 2d 6c 67 2d 32 7b 6d 61 72 67 69 6e 3a 2e 35 72 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 74 2d 6c 67 2d 32 2c 2e 6d 79 2d 6c 67 2d 32 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 72 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 72 2d 6c 67 2d 32 2c 2e 6d 78 2d 6c 67 2d 32 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 72 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 62 2d 6c 67 2d 32 2c 2e 6d 79 2d 6c 67 2d 32 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 6c 2d 6c 67 2d 32 2c 2e 6d 78 2d 6c 67 2d 32 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 35 72 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 2d 6c 67 2d 33 7b 6d 61 72 Data Ascii: eft:.25rem !important}.m-lg-2{margin:.5rem !important}.mt-lg-2,.my-lg-2{margin-top:.5rem !important}.mr-lg-2,.mx-lg-2{margin-right:.5rem !important}.mb-lg-2,.my-lg-2{margin-bottom:.5rem !important}.ml-lg-2,.mx-lg-2{margin-left:.5rem !important}.m-lg-3{mar
TimestampkBytestransferred
Direction Data
Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
30 192.168.2.3 49797 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  kBytes transferred  Direction  Data
2022-03-03 07:35:33 UTC 1136 OUT GET /images/favicon.ico HTTP/1.1
Host: www.officefootballpool.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono; _gcl_au=1.1.2077800476.1646325330; _ga=GA1.2.401028957.1646325331; _gid=GA1.2.1312699344.1646325331; _gat_gtag_UA_217073359_1=1; _ga_FXBF6BRJ0L=GS1.1.1646325330.1.0.1646325332.0
2022-03-03 07:35:34 UTC 1137 IN HTTP/1.1 200 OK
Content-Type: image/x-icon
Expires: Mon, 17 Feb 2025 00:00:00 GMT
Last-Modified: Mon, 14 Mar 2011 15:40:00 GMT
Accept-Ranges: bytes
ETag: "7a2746145ee2cb1:0"
Server: Microsoft-IIS/7.5
Date: Thu, 03 Mar 2022 07:36:31 GMT
Connection: close
Content-Length: 1150
Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
31 192.168.2.3 49808 142.250.186.65 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  kBytes transferred  Direction  Data
2022-03-03 07:35:34 UTC 1139 OUT GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:34 UTC 1139 IN HTTP/1.1 200 OK
X-GUploader-UploadID: ADPycdtuH1RbT5yN-hN7CMCBT15h6DzLbvtznEbb2zfgx-CnjU1mOzEoVRtsPoxaSOd-yTehJ9eJkvlA_VWqe2sQSJ50XCBlrw
Content-Disposition: attachment; filename="extension_8520_615_0_5.crx"
Cross-Origin-Resource-Policy: same-site
Accept-Ranges: bytes
X-Goog-Hash: crc32c=DxAZGA==
Content-Length: 768843
Server: UploadServer
Date: Wed, 02 Mar 2022 19:25:22 GMT
Expires: Thu, 02 Mar 2023 19:25:22 GMT
Cache-Control: public, max-age=31536000
Age: 43812
Last-Modified: Wed, 05 Aug 2020 01:15:29 GMT
ETag: 730d2491_a246e948_e80d9c94_d8b3f142_86eb8dd2
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Connection: close
2022-03-03 07:35:34 UTC 1140 IN Data Raw: 43 72 32 34 03 00 00 00 18 04 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 8f fb bf 5c 37 63 94 3c b0 ee 01 c4 b5 a6 9a b1 9f 46 74 6f 16 38 a0 32 27 35 dd f0 71 6b 0e dc f6 25 cb b2 ed ea fb 32 d5 af 1e 03 43 03 46 f0 a7 39 db 23 96 1d 65 e5 78 51 f0 84 b0 0e 12 ac 0e 5b dc c9 d6 4c 7c 00 d5 b8 1b 88 33 3e 2f da eb aa f7 1a 75 c2 ae 3a 54 de 37 8f 10 d2 28 e6 84 79 4d 15 b4 f3 bd 3f 56 d3 3c 3f 18 ab fc 2e 05 c0 1e 08 31 b6 61 d0 fd 9f 4f 3f 64 0d 17 93 bc ad 41 c7 48 be 00 27 a8 4d 70 42 92 05 54 a6 6d b8 de 56 6e 20 49 70 ee 10 3e 6b d2 7c 31 bd 1b 6e a4 3c 46 62 9f 08 66 93 f9 2a 51 31 a8 db b5 9d b9 0f 73 e8 a0 09 32 01 e9 7b 2a 8a 36 a0 cf 17 b0 50 70 9d a2 f9 a4 6f 62 4d Data Ascii: Cr240"0*H0\7c<Fto82'5qk%2CF9#exQ[L|3>/u:T7(yM?V<?.1aO?dAH'MpBTmVn Ip>k|1n<Fbf*Q1s2{*6PpobM
2022-03-03 07:35:34 UTC 1141 IN Data Raw: 40 3b f4 9e 6a bc a6 ca cb a3 80 eb 8b 1c a8 07 a9 3d 61 65 c8 c2 d3 30 c2 ff f6 cc 90 8b f9 14 44 55 b1 1f a8 1a 6e 1c 91 f5 6e 12 3b ff 49 70 72 cc a2 1f 51 db 15 1c 81 3a 10 b6 e5 20 3c e2 ad 87 0f d5 1e 80 61 09 59 dc 93 f3 83 96 97 87 7b 65 69 9e cd 12 a8 02 0a a2 01 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 cd 4d 62 68 3d 9f 5b 4f 7d b2 2b 1b ae 55 af 4b 48 46 28 6e 33 e8 5c 22 d7 dd d8 2c 67 d7 63 0e b5 8a 36 29 13 10 28 dd 45 ed ff 00 55 db fa ff 23 92 69 ad 61 03 e7 3a 04 98 9f 4e 89 fd 0a 1d 0e 50 88 1b a9 78 ef 4f a0 90 ea 28 6d 43 3b 7c eb 35 01 53 ac 7b 6d ea 61 45 78 8d bb 91 5b 7f 98 66 50 af 69 60 85 79 cc c2 35 b1 88 52 02 84 8b 90 76 7f 24 1a cf 2e b4 00 bd 6c 2d 6d ee b5 02 03 01 00 01 12 80 Data Ascii: @;j=ae0DUnn;IprQ: <aY{ei00*H0Mbh=[O}+UKHF(n3\",gc6)(EU#ia:NPxO(mC;|5S{maEx[fPi`y5Rv$.l-m
Copyright Joe Security LLC 2022 Page 105 of 135
2022-03-03 07:35:34 UTC 1142 IN Data Raw: f6 ad c7 4a cb 2f 1f 77 0d f5 97 97 c5 5f 2f ee 4b 21 c4 5f 5e de 7e 29 ae 9a 3f 8a c1 c7 9b f2 f2 e7 8b 83 8f 77 77 5f 6e 7f 7a f9 f2 f6 fe cb 97 eb 9b bb 17 1f 6a 3b be 58 5f ff fa 72 bd d5 ec cb e2 ea f6 df e5 cd 4b 08 bb 2a 89 5f 1c 0c ee 8a 9b 0f e5 1d 8c 5f ae 3e 17 57 ff bc 38 68 04 57 0f 19 ac 3f 17 b7 b7 70 f1 a6 fc d7 fd a7 9b 72 f3 3c ce 08 06 5e 7d 78 7e fb f1 fa df 70 f1 7f ee ae bf bc b8 bd bf bc fc b4 fe 04 8b 3b 2e cb cd aa 58 57 a2 6a 15 40 46 b0 99 55 06 9e 99 69 25 32 27 d9 60 40 0f c3 54 2a 57 e8 61 24 24 d0 59 30 1d a0 d3 c5 2c ef b6 1e 00 31 f7 64 d3 b3 96 91 0f 99 4e 45 d3 31 4b 63 4d 47 0d f6 3b ea d5 06 08 c9 60 85 f7 ca 04 25 25 9f d1 eb e0 30 31 ee e2 c8 60 5c 26 20 9b 40 82 ca bc 08 da b0 e5 57 6c c7 37 d9 13 d3 66 94 a2 02 c8 Data Ascii: J/w_/K!_^~)?ww_nzj;X_rK*__>W8hW?pr<^}x~p;.XWj@FUi%2'`@T*Wa$$Y0,1dNE1KcMG;`%%01`\& @Wl7f
2022-03-03 07:35:34 UTC 1143 IN Data Raw: 5d 60 c4 24 86 5a 22 50 76 a3 9d 09 c2 58 61 80 31 5b de 09 1f d7 40 b6 42 55 3d 6c 6f 80 83 85 4c 08 e3 be 83 df 3c 6c 95 58 00 2b 52 42 5c b4 a3 e9 e8 90 f5 00 4c fc b4 1c 95 ad 07 ab 8d 6f 6f 8d 54 81 3a aa a3 88 45 b7 9f db fc b8 cd 34 1c a4 2f c8 d3 56 ad 05 64 e8 c5 c2 1d 97 6b ff e8 92 ca 4d fa c0 82 a0 9b cd 2a c5 b6 b8 32 0a bc d8 f0 a7 fd f9 1d 53 75 85 47 b6 62 5b 97 15 31 5f ec 34 e8 4b 82 df 3b dd f5 26 a3 7f 47 af 7c 4f 33 bc 69 98 32 ae b8 bf d7 fd c4 f6 f6 dd cd f5 fd ea 73 79 fb f1 fa fa 0e db dc 56 69 d7 74 4c 2d f0 51 c0 2e ca 67 19 00 85 20 ac 64 d1 02 96 dd 08 6b 75 1c 99 59 5b 6d c2 d8 10 64 d5 21 60 db 48 3b c1 17 9b 72 85 d9 7a 55 d3 94 b3 da 5b 88 6f ed 83 75 3a 28 eb d8 8e 03 44 7d 1d 23 9d 94 a5 77 f7 49 08 6d 8c f6 c4 ac 17 7b Data Ascii: ]`$Z"PvXa1[@BU=loL<lX+RB\LooT:E4/VdkM*2SuGb[1_4K;&G|O3i2syVitL-Q.g dkuY[md!`H;rzU[ou:(D}#wIm{
2022-03-03 07:35:34 UTC 1144 IN Data Raw: 12 a8 5f c5 66 cd c3 99 c5 91 4d 0d 49 77 54 3b 27 68 d1 9c 97 d4 bf 7b 33 52 9b 72 ba 09 24 e6 1f 9c a8 95 56 1a 6f 24 00 7c 40 f9 19 f8 30 37 d3 e6 d4 62 1c 03 d3 94 36 68 11 94 87 e9 3b b5 67 77 22 7d 31 81 0d 1f 30 71 80 3c ec a4 b4 42 54 d1 c3 35 69 38 22 ec 33 e1 aa 6d 2e 51 6d bb 18 e0 59 66 cf 0b 0c 0f 70 d9 d8 d4 a2 fb 54 a1 a3 e3 76 9c 26 87 3b e2 9e 47 db bf 69 0a 4c a8 7a 35 e0 b4 32 78 98 5f f0 c0 fe bf 7b 6e 0d 7a 41 c1 15 1a 87 ac ed aa c2 65 ab 73 76 7b 28 59 ef 09 08 94 0f 15 ea ed f9 b8 9e b5 26 fe 56 14 e4 a7 82 b2 0f 86 9d 94 7e 3c 9c a1 0a eb 03 a7 f1 38 22 a2 f5 35 e6 21 34 3d a9 cb cd 69 05 ec 3e 56 a7 a1 33 e1 bd f6 0a a2 05 c2 86 ed a8 fd 8e 3b 8d 4f df ce 8d 00 86 c8 e0 4e 48 3d 79 a7 f6 2c 3f 1a 0d 97 d3 c9 62 9e 4f 97 c3 a3 a3 Data Ascii: _fMIwT;'h{3Rr$Vo$|@07b6h;gw"}10q<BT5i8"3m.QmYfpTv&;GiLz52x_{nzAesv{(Y&V~<8"5!4=i>V3;ONH=y,?bO
2022-03-03 07:35:34 UTC 1146 IN Data Raw: 00 00 00 00 00 19 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 61 72 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e e5 5c 6d 6f 1b 37 12 fe 2b 3a 5f 3e b4 45 63 f3 75 49 06 ed 01 8a b5 76 b6 b1 25 57 2f 0e 52 04 10 64 5b 4e 82 4b e2 9c ed a0 38 04 fe ef 37 bb e4 7a 87 e2 50 92 d3 24 77 c0 7d 91 e5 5d 71 c8 19 ce cb 33 33 dc fd bc c3 19 b7 ce 2a 5d 70 65 ad 16 4c 73 b3 f3 a4 f7 79 e7 fd f2 e6 66 f1 7a 09 df 77 5e 7d 62 85 5a d4 9f a2 f9 54 b6 f9 14 cd 27 df b9 fb b9 b7 c3 05 97 4e 1b 67 85 11 d2 1a ed 04 a3 a8 08 e9 69 f5 9a 3f ba f9 2c 9a 7f 84 69 fe 51 f5 a7 74 cd 15 db 5d 97 bc fb 2e 16 c9 00 bf 2c 7c 25 2c d7 f5 d0 aa 9b e9 c4 99 ff 51 0f 2d a7 21 2e 0b 74 c3 73 28 fd 02 79 0f 2d 4d 75 4b 53 12 11 6f be f3 cb 20 0c 10 43 61 0d f0 c6 24 77 cc 68 52 16 66 95 48 20 6e Data Ascii: _locales/ar/messages.json\mo7+:_>EcuIv%W/Rd[NK87zP$w}]q33*]peLsyfzw^}bZT'Ngi?,iQt].,|%,Q-!.ts(y-MuKSo Ca$whRfH n
2022-03-03 07:35:34 UTC 1147 IN Data Raw: ff 9a df 22 eb 45 29 6c bb 84 d4 3c 08 43 4d 27 72 ab 13 45 df b3 50 27 c7 2a a6 1d 34 06 e5 5b 82 48 b7 65 32 69 9a bf 05 ae 83 51 65 5c 62 f0 98 18 b3 0b 1c 53 71 96 ab d2 75 e0 4c 79 d9 c9 2c 84 df 50 94 40 08 8f 72 ec d9 34 b3 d7 2d 6a 1b dc d8 d2 c6 ba 8f 93 c9 a8 d0 11 b9 41 db 5d 27 d8 c3 46 11 a9 55 58 73 d1 8d 0e 1a e3 af 04 c9 62 08 91 86 3b b3 8b a4 4d 19 09 2e 0a e0 e5 a0 bd cf 2b f3 36 90 3c d5 7e 62 27 09 c5 c1 5c c8 54 99 d3 01 48 ef 23 03 72 71 56 89 38 c5 ce 33 48 36 17 d9 fd 62 43 86 be 9b 6a 30 21 d9 8b d5 5d 8f cb 54 5f a8 33 04 b2 4b ab 5f d8 13 04 7a c8 0e d9 79 0f dd 46 e2 6c 8d 5c d2 34 02 7b 58 ef 24 ae ac 98 8e ed 98 49 8b 2c 4d a2 a0 11 76 34 06 6e 78 9b 22 21 a0 a2 10 2e 75 44 a9 9d 88 a1 ec ea fe 46 da 9e 75 a6 58 b6 b8 34 18 Data Ascii: "E)l<CM'rEP'*4[He2iQe\bSquLy,P@r4-jA]'FUXsb;M.+6<~b'\TH#rqV83H6bCj0!]T_3K_zyFl\4{X$I,Mv4nx"!.uDFuX4
2022-03-03 07:35:34 UTC 1148 IN Data Raw: 82 df 23 92 4a 4f b2 e0 0a a2 8f 83 8c 5d 58 2d 19 a1 23 cd f6 10 a1 12 ef 0f 4e 6d 70 fe 43 a4 1d 51 0e ec d7 e0 20 90 1b 29 1d 40 40 b0 3c eb 18 a1 60 94 b5 b5 81 2a ac ea 31 46 1f 1a ff c3 13 c7 15 e9 1e 0e 32 d1 6d ec 5e 90 fe 46 99 1c 01 83 f8 aa 61 62 bd e6 67 38 d7 14 c8 c1 e1 56 52 d4 fb 23 8e 4e 6f 88 8b a8 8b 8b 9b a4 a1 14 8f f1 40 a4 13 6d 62 7c 8f 0a 70 79 f5 21 ed 4d a2 9a 86 ca 60 51 0e 16 dc db 86 ea 57 54 b2 33 dd ed 10 05 d3 fe 54 da 2c 0c e2 f5 2c 49 24 77 e2 9c 6a 38 01 17 1d 38 21 4a 0b 7f a9 3f b3 9d 3c 83 2b 77 ce 14 4c f0 ba 3e 0e 88 51 01 50 c8 5b 7e 1b 71 12 44 1b f3 de 7c c7 67 46 0c 07 7f 06 41 83 01 0c 07 67 c0 c0 db ac c1 36 1b dc fd 12 09 10 87 e1 a8 b0 93 ed f2 e1 5c e7 2c 16 3c 2a da ec b6 cb b6 45 5d 73 ac d3 5d ae 18 7d Data Ascii: #JO]X-#NmpCQ )@@<`*1F2m^Fabg8VR#No@mb|py!M`QWT3T,,I$wj88!J?<+wL>QP[~qD|gFAg6\,<*E]s]}
2022-03-03 07:35:34 UTC 1149 IN Data Raw: 3c 1e 37 ad 8e 4b 58 70 62 78 44 7b bc 1d 78 dc 44 b3 61 b9 3f 0d ab 4e e4 43 bc 83 05 0d be f7 90 3e 2e f7 f7 f7 cb 93 69 ff e9 51 62 3b d4 f1 85 3c 9d c3 d1 28 59 09 95 5a e5 29 9c 94 e3 03 e0 2a 61 87 78 5f ca 1a 22 a3 51 12 c1 88 34 3c 4f 60 36 ac 00 2a 1c 1d 55 87 15 21 13 ea c0 32 45 6b 50 4d f6 fb e3 41 bd 53 07 d5 f8 b8 4f 99 22 f5 44 06 45 eb a0 1a 96 8d 7b 99 83 65 0f 89 e0 43 f5 44 29 42 0d 8d 4c 90 27 aa 7c 14 89 61 3f 85 5f e9 cb 1e a8 91 a3 e7 a9 8b 4f 1f 5e a6 46 8e cb da c1 12 7c 53 87 bc 29 02 99 e1 d4 43 ef b9 e1 8d a9 25 be 94 c8 29 b2 04 a8 f8 40 9d 7b ca 12 98 cc c0 52 53 6f 48 65 e5 14 8d 06 0f 3d 9d 1d ce 47 e3 79 59 03 9b 54 1d d3 07 6b b2 84 6a fd 1e 9d 96 29 10 26 de 73 95 25 72 50 f6 a7 33 88 55 35 e0 2b 09 af 9b 1e 5d cf 92 82 Data Ascii: <7KXpbxD{xDa?NC>.iQb;<(YZ)*ax_"Q4<O`6*U!2EkPMASO"DE{eCD)BL'|a?_O^F|S)C%)@{RSoHe=GyYTkj)&s%rP3U5+]
2022-03-03 07:35:34 UTC 1151 IN Data Raw: 3f ff 7c f3 af c5 f5 be 0a 75 34 7d bb d3 b9 9d 5f bf 5f dc c2 fa d9 f9 a7 f9 e7 7f bc dd 69 09 57 37 e9 5c 7c 9a df dc c0 97 d7 8b 7f 7e fd 78 bd 78 f7 2c 72 04 0b 3f bf 7f 76 f3 e1 ea 5f f0 e5 ff dc 5e 7d d9 bb f9 7a 79 f9 f1 e2 23 6c ee 70 b1 78 77 3e bf a8 48 d5 22 00 27 67 0b ab 0c dc b3 d0 4a 14 4e f2 a6 87 23 d5 e5 bd b7 4b 4c 2f 89 a7 f4 5b ec 8e 1b 42 17 cb 7a 84 3d 53 ab 7d cf b7 d6 18 f6 40 e5 ba 13 57 f1 c4 19 89 b0 27 8e cf f9 11 8f c3 06 a9 45 b0 c2 7b 65 82 92 92 0f 89 24 74 47 4f 58 44 2a c1 b8 42 80 e7 03 8f 5a 78 11 b4 61 a9 24 91 27 fe b7 89 e5 7b 74 7a 8d bf 55 2a c0 fd 44 80 58 6e 9d 52 70 47 02 d8 be 9d 82 e8 fb 07 7d 90 fd 64 bc fb e5 d3 d7 eb f9 a7 dd ab cb cb 9b c5 ed 73 d9 f9 55 7c ab 1d b2 c0 9b a9 3f 35 8d 40 0d 8b 77 bf ca ad Data Ascii: ?|u4}__iW7\|~xx,r?v_^}zy#lpxw>H"'gJN#KL/[Bz=S}@W'E{e$tGOXD*BZxa$'{tzU*DXnRpG}dsU|?5@w
2022-03-03 07:35:34 UTC 1152 IN Data Raw: 78 f1 d9 e7 05 48 09 e2 80 80 31 11 d6 93 f5 22 a5 7e 86 86 7d 26 e5 48 83 dc 8f 3d 9d 00 8a 5b 68 13 82 f0 ca 5a 25 f9 3a e0 3b c2 36 16 16 8e 6d f8 5b 1c ff 9b d2 9d 29 aa 52 38 a8 81 85 0f 5d 08 50 8b 15 da b0 a6 98 b9 89 b9 6c 03 60 1e c7 c0 30 eb 24 be 19 7a db b4 8a 9b 9c 54 f6 e4 db 32 ae 01 c7 13 0a 88 75 ce 14 c1 6a e3 79 db 5a 13 33 68 68 d8 2c ef a9 59 b0 42 02 5e 33 41 18 2b 8c 28 b4 5d 69 df ab 87 12 44 a4 a8 aa 41 09 0f d7 b9 50 08 61 1c 1b 09 55 ae bd 7e b1 c9 91 33 08 23 7e 91 64 e4 c9 a9 60 a8 96 cf 50 1b c2 4c e8 79 18 c6 6c 31 6b 1c 13 a8 ca 88 51 d1 92 03 a3 29 15 aa 26 af c9 77 b8 d2 1d c6 6a 99 82 5b ac d6 3c 14 16 6f 5b 26 e0 b2 b2 ad 23 e9 2e cd 35 18 8f 8d 33 a7 d4 3f 27 5a b3 3c 0e 22 a9 66 e0 ae 21 ed 58 19 a2 c2 26 f1 18 f7 f3 Data Ascii: xH1"~}&H=[hZ%:;6m[)R8]Pl`0$zT2ujyZ3hh,YB^3A+(]iDAPaU~3#~d`PLyl1kQ)&wj[<o[&#.53?'Z<"f!X&
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 106 of 135
2022-03-03 07:35:34 UTC 1153 IN Data Raw: ee 5a 6e 2d f3 dd d3 28 ae c2 15 ca 28 07 19 8e 85 fb 49 c9 76 7e d5 7f 1a 12 b7 0a 74 f0 fd 49 ee c7 7b 62 bc 16 44 15 77 ab 2e b8 04 89 28 a5 bd 55 7c 4d 0e 17 85 68 be b5 99 1b cf 3e 63 4f 93 74 66 e8 23 b2 eb ab c2 a1 06 36 ab fe 98 08 7e 6d b9 fe 01 8f 12 ae 7e 19 80 87 e4 3c 84 e0 ea 52 26 90 97 2b 81 14 e9 2b b5 36 83 6f db d0 d5 75 d2 eb bd 97 da 89 c2 0a b3 a2 01 b4 45 86 98 cc c5 33 7e 69 0b 59 61 f5 61 e4 b6 fd 33 33 3f b7 ae c2 48 f8 e7 15 56 3c 78 90 0a 7c 7b ed 9c 0e c1 04 be aa 90 ab 4a 78 63 4d 30 85 91 c2 d7 85 52 f3 03 fc 7b 02 86 c9 b5 e9 5c 64 0b 89 97 55 08 3f 98 a2 cf 63 1c 14 e4 85 14 5b 14 73 9b 20 d1 08 c1 4a 2b 8d 07 68 a2 b5 f6 45 01 66 b8 e2 69 58 32 a2 d2 8a d2 6a e1 a5 0d 5a 04 e5 95 86 20 b0 aa 01 fe 50 27 f2 b0 97 d2 78 d0 Data Ascii: Zn-((Iv~tI{bDw.(U|Mh>cOtf#6~m~<R&++6ouE3~iYaa33?HV<x|{JxcM0R{\dU?c[s J+hEfiX2jZ P'x
2022-03-03 07:35:34 UTC 1155 IN Data Raw: bc e4 94 8c 1b 43 e4 08 bd 19 4e 21 43 1f 8c 5f 33 e6 c3 bc a0 10 91 78 d9 1d 1c 01 74 99 f5 07 5d 30 9b 33 c2 01 d7 34 67 97 9f 81 b5 51 e8 c4 3c b3 ce ac 8e 19 00 4d 15 e9 2c 36 b3 7a d2 9f 1c 97 33 62 18 cc 1b 62 d1 e2 26 2d 84 94 25 02 86 83 ee 69 e5 c5 c8 0e 98 e7 a0 be 53 01 88 4a c4 c5 4c 33 b4 d7 9f 76 a7 63 b2 80 7b 05 e3 f7 05 c7 5d ea be 98 d7 69 b6 d7 8f cb 92 84 67 ae 84 df 5e 3f 1d 70 5b e0 9a b0 ed 8a b3 e1 f1 f4 84 ac e0 5e 7e 7e 77 f7 6f 50 4b 07 08 62 6e ee ba 6a 12 00 00 a8 61 00 00 50 4b 03 04 14 00 08 08 08 00 2a 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 62 6e 2f 03 00 50 4b 07 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 29 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: CN!C_3xt]034gQ<M,6z3bb&-%iSJL3vc{]ig^?p[^~~woPKbnjaPK*Q_locales/bn/PKPK)Q
2022-03-03 07:35:34 UTC 1156 IN Data Raw: e7 e2 50 12 43 62 8a 7c 0a 64 7f 9d d4 01 01 60 8a ab d7 68 33 3e 1e c9 43 14 2b 44 a1 75 01 27 52 5a 6b c5 46 41 81 3f 92 97 89 8a 14 46 42 38 5c 04 08 42 65 01 d1 14 cb 18 e4 ca 23 24 af 64 56 64 0d 61 0d f0 e3 9d 53 ce 1b 29 b4 00 f2 2c 61 06 7d 4c 86 67 c8 bd e0 48 35 c5 8c 38 d8 a8 04 e6 56 43 62 89 e2 5c 2e 16 79 f2 e4 49 da b6 86 bb 02 5c 5a d8 b6 04 ad 31 6c 6c b9 27 63 4b e1 9b 41 ac 8f a7 8a 89 08 88 ca 15 00 96 f0 37 00 7f 42 86 e9 49 87 b0 c7 dc 90 83 a5 ef 23 5d 03 5e 43 49 10 a9 0d 3a d4 26 c3 aa 44 27 65 c2 ac 5a a3 a8 2e 31 3a 09 d3 1a 25 0c 6c 17 52 28 a1 35 f0 87 17 66 e2 44 5a e3 20 75 86 68 09 8e ea 40 b1 00 20 d8 35 9d a8 01 a1 4a 2b 99 86 98 11 10 88 07 48 94 0a 50 2b c8 95 1c af ec be 93 df 27 14 f8 af 86 9a e0 25 df de f8 c7 67 ed Data Ascii: PCb|d`h3>C+Du'RZkFA?FB8\Be#$dVdaS),a}LgH58VCb\.yI\Z1ll'cKA7BI#]^CI:&D'eZ.1:%lR(5fDZ uh@ 5J+HP+'%g
2022-03-03 07:35:34 UTC 1157 IN Data Raw: 10 41 21 8c 64 fb cf 07 26 6e 08 05 99 36 f9 83 39 f0 80 33 40 24 b4 3b 66 b1 d2 61 e1 b8 c1 6b f8 17 e2 47 29 02 7f d6 4e 5d 68 cf c0 26 45 a5 3d ed 2b ec 6d 3b 33 98 87 e0 2f 97 43 61 d8 ec 44 28 68 e3 06 69 12 e6 67 0a f2 ac 71 56 68 e3 00 08 44 3d f8 65 dc b7 64 ef 6d 1d 05 7d 55 e5 d8 d0 f9 fe e9 7c 72 76 df d3 e3 26 27 ee 50 6d 45 ed ad 53 42 42 2c a9 02 c4 45 2e f0 a3 ce 58 bc 34 c9 3f a8 3f 95 6f d0 c7 0e 2d 53 be a5 ad 20 54 a0 6d 65 f6 63 3c 88 0b a0 aa 3a 14 a0 bb 5e 58 01 d9 e2 43 a2 24 60 da c9 79 bc 51 01 59 15 d8 46 5d bb 01 15 50 c1 f2 23 9d c8 41 87 4b ac d9 f4 fb de f6 3f ed 6c 06 52 17 e4 e1 52 85 c4 86 ba c1 6f 25 58 29 64 77 5a 83 b1 de 3f d9 48 43 62 0d e0 2b e0 1a 78 38 6f 00 e5 24 ab 00 7f fe 6a 0b 66 65 ae 79 81 3d d7 65 2e d5 c9 Data Ascii: A!d&n693@$;fakG)N]h&E=+m;3/CaD(higqVhD=edm}U|rv&'PmESBB,E.X4??o-S Tmec<:^XC$`yQYF]P#AK?lRRo%X)dwZ?HCb+x8o$jfey=e.
2022-03-03 07:35:34 UTC 1158 IN Data Raw: 77 d9 cd bd e2 80 d2 99 0f 86 e3 c5 df e7 fd b3 e1 ec cd 2e 05 2e a2 22 14 8e fb a3 e3 f2 6c f1 7c 3e 9b 8d 47 74 0f f4 19 7f 4a 61 3c 9a c1 01 60 17 e5 b4 3e d3 2e 11 ae 23 49 88 0c 86 83 c5 68 3c 5b cc 26 e4 18 5c 2d 95 ac 3f 29 cb c1 f3 fe f1 cb 45 79 de 1f 9e 2d 4e 86 e5 d9 60 97 10 f7 7c 66 9e d0 c9 78 72 be 18 94 d3 e3 c9 f0 82 3d 16 33 f4 94 a7 f6 a2 ec 0f ca c9 2e 0d ae 40 91 a7 71 31 19 9f 5f cc 08 7b 68 f7 20 4f 62 52 fe 7d 3e 9c 94 84 35 5c 73 23 4f 65 f6 e6 a2 bc 43 dc 74 0a 81 90 3a 1f 4e 26 e3 c9 70 74 da ea ee 62 3a 7f 5e f3 08 be 22 6a cc 44 cf 84 e0 a8 9c bd 1e 4f 5e 82 1e 9d 9c 94 93 5a 1d 5f 0f 4f 86 84 df 4c 02 9a 25 95 3b 20 f7 e6 ad 2c 91 69 ff bc 64 b7 c2 8d 9d 64 a9 bc ae 65 b6 b8 38 26 ac a1 01 29 a5 31 de 5d c5 3d 28 4d 96 5d 4c Data Ascii: w.."l|>GtJa<`>.#Ih<[&\-?)Ey-N`|fxr=3.@q1_{h ObR}>5\s#OeCt:N&ptb:^"jDO^Z_OL%; ,idde8&)1]=(M]L
2022-03-03 07:35:34 UTC 1160 IN Data Raw: 38 6f 7c 58 ba ae 99 aa ed 1a 86 06 4f aa 61 11 1f b3 e3 3b a6 6c 8a 7c d5 ba aa 94 3a 53 e2 a2 c0 ca e2 8c 2f 0e 51 cc e2 af ed 44 4f 95 79 5e 64 71 fd fa 2e 57 84 d9 03 2b 4e db a1 2c d5 53 31 96 e9 68 aa ab bb 9e e5 1e 0e d5 cb 8b 22 8e aa 76 43 6c c3 b6 5d db 31 79 98 4c cf 34 1c fb f0 fd 49 5c dc 3e bd ef aa 88 a8 ee 98 b6 e5 7a a6 e5 68 0e d9 f2 eb 3c ad ef db 97 2d d5 f0 1c 4b 45 f0 75 55 57 0d 97 4c 66 92 63 2b 1f e2 ba 88 15 c4 ad 77 57 e4 f7 71 c4 ca 0a cb 4a 8f 5f cd e6 fe 74 be 1c 86 a3 f7 af d8 26 4d 22 b6 db a9 8b 3c 5f a7 71 93 17 97 b0 79 15 8c fa cd 8b 6f 5b ab d9 c4 1f bd fa 51 fc bb f8 79 84 09 6d 52 16 c5 77 79 ba 8a 8b 52 cc 64 6b 25 fe 40 88 2b a4 16 9f d6 2b 4d 2c 60 6b 4c 1e eb e2 f1 d3 f4 c8 0b c6 de 0b 52 0f e6 d1 e3 63 47 8c 96 Data Ascii: 8o|XOa;l|:S/QDOy^dq.W+N,S1h"vCl]1yL4I\>zh<-KEuUWLfc+wWqJ_t&M"<_qyo[QymRwyRdk%@++M,`kLRcG
2022-03-03 07:35:34 UTC 1210 IN Data Raw: a3 29 3c 60 8d 2b d7 93 b7 5d 0b 7a e8 b1 e7 34 d8 d9 cf 3d 4a c1 63 24 51 d1 5e 8c 74 c2 79 48 bf eb 63 37 e3 12 b5 1d cc e5 16 26 3e 14 eb 1c 7c 6c d5 8c fe f7 3c b6 aa ca cc 4a 49 2f 95 f1 2e 37 5e 50 fe c5 8a 1c da 3d 53 87 6d f8 85 e2 42 e3 e5 d6 8a c1 39 41 82 ca d9 f2 ee 1f 64 1e 5d 62 34 60 9c 74 b5 22 1b c5 f3 3f 4e 02 1e 74 d7 2a ed bd 70 d2 18 99 b1 e5 29 47 61 2c 03 91 03 45 5b 15 4a 41 98 06 fe 28 2b 40 b8 3f b4 38 f7 63 2d e6 bb f3 7d 7b 29 b1 ed bc 36 4a 89 1a 1c 8d b7 10 cf 72 6d bd 51 da f1 27 1a 3b 32 bf 24 6a 40 3a b7 5f 1c a9 17 65 44 a6 55 ae bd d0 46 68 61 95 e1 5d e0 8e 93 63 23 64 75 6a ed b4 32 b9 b7 42 e8 7c 67 19 8d 03 4c 87 ea 14 4e 4c 1e cc 2d 82 c3 53 ee a4 37 2e 1a 05 9d 38 c3 1f 4a 8c e7 a8 22 da d4 55 98 fc ae a5 14 49 47 Data Ascii: )<`+]z4=Jc$Q^tyHc7&>|l<JI/.7^P=SmB9Ad]b4`t"?Nt*p)Ga,E[JA(+@?8c-}{)6JrmQ';2$j@:_eDUFha]c#duj2B|gLNL-S7.8J"UIG
2022-03-03 07:35:34 UTC 1212 IN Data Raw: 6c b4 fc 47 95 a9 82 ee c7 8c 22 7a a9 e3 a7 1d 79 ac cf 5f fe 5f 0b 31 1c 77 0c 7c f5 4b dc a9 cd ad d4 12 52 77 65 b4 02 1c f8 98 23 5e 26 a2 ec ba 82 99 34 f6 7a 59 95 b7 ac 4e 5e 32 58 9f 94 ca 19 c9 a6 cc 49 b5 4f 83 19 aa fc 4e b8 2a 29 87 fc bc 2e 7c 0a ef f8 f4 7c 7b 8d 49 e0 54 6d ff 5b 06 0e 60 b8 f7 3e af eb 03 5a db 2c 11 76 d0 f9 12 2e ff cf 43 cd d6 a9 1a c0 3a e7 32 95 0b 6b 20 03 63 c1 2c 8a ad bb 1a 74 0f d8 08 e1 42 0a 9a 82 83 fe b9 59 0e c3 97 9f 97 e6 38 ad 54 05 27 9c ca 73 e5 bd f6 3c da 4f 15 5e 9c 36 da 6b ab 33 c8 aa ab da 82 4e b9 a0 56 39 03 cb 16 db ac 5a 8b 93 03 03 3b 6a ee fb f9 2c 5c b6 6d a8 87 ad 98 cc 64 da e9 0c 92 1f c8 80 2c 28 7c 3a bc b4 eb 3c 71 bc 12 2e 33 5e 09 2f 9d 84 8c 55 6e b9 9e 78 c0 e5 ec c3 ad 15 94 c9 Data Ascii: lG"zy__1w|KRwe#^&4zYN^2XION*).||{ITm[`>Z,v.C:2k c,tBY8T's<O^6k3NV9Z;j,\md,(|:<q.3^/Unx
2022-03-03 07:35:34 UTC 1213 IN Data Raw: 00 68 aa 48 9b e1 98 d1 93 fe e4 a2 98 11 c3 60 5e 30 86 06 87 b4 10 52 96 08 18 4e bb 57 95 17 23 3b 60 3a 91 1f a8 00 44 25 ec 62 0e 58 9b e7 af ba d3 31 19 c0 bd 52 e8 61 c0 45 97 ba 2f e6 9d 50 cd f3 e3 a2 20 e1 99 ab 31 37 cf 4f 07 dc 16 b8 c3 b2 66 c4 f5 f0 62 7a 49 46 70 6f b2 fc f6 ed 5f 50 4b 07 08 5b 19 f5 c3 bf 11 00 00 ee 56 00 00 50 4b 03 04 14 00 08 08 08 00 2a 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 68 69 2f 03 00 50 4b 07 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 29 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 68 69 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e cd 1c d9 72 1b 37 f2 57 b8 5a 3f 6c 52 b2 84 1b 18 6f b2 29 9a 1c c9 8c 25 Data Ascii: hH`^0RNW#;`:D%bX1RaE/P 17OfbzIFpo_PK[VPK*Q_locales/hi/PKPK)Q_locales/hi/messages.jsonr7WZ?lRo)%
2022-03-03 07:35:34 UTC 1214 IN Data Raw: e2 4c 32 80 45 42 09 94 ab cf c5 2f 5b 58 d2 67 16 e2 12 d1 26 c4 75 9d e4 0b 0e 2a 56 b2 82 83 83 83 80 8e 2c c0 22 59 a7 01 1d 0e 4c 57 64 d4 95 66 43 4d d4 95 09 0d c1 bc d5 e0 25 24 03 60 ee e0 6f 01 27 2e 32 34 a3 74 c6 af 57 60 e6 05 07 ca 6b 40 bd 92 6f 9a 5b 58 6c 50 0c d7 d0 5c 2b c1 14 e0 00 79 0a 93 12 8e 4b 62 91 35 de d5 0a 70 38 0e fe 09 03 8c 2f 0a 49 ae 47 e9 2b d7 f5 4a 55 a5 09 05 64 26 16 d8 0e c9 89 a1 a5 8d 79 05 42 a1 a5 14 9d 7f b5 d2 ec 15 2c 10 5e 20 2a 79 59 0b b1 c4 0f 4f 9a 3d 2b 92 73 0e d7 2b 3f 26 32 41 3d 62 a9 88 f2 d1 05 02 cd 70 f4 ca b0 08 71 8f 38 92 ba 26 81 bb 44 37 73 9c 74 e0 53 2c 11 df c2 ad 49 da 14 6f e8 f6 91 c4 49 04 8b b6 99 98 97 99 8c fe 21 4c cf 24 da 8d a5 f1 1b 73 8e e9 82 f4 0f 45 6c 4c 78 a3 84 11 ba Data Ascii: L2EB/[Xg&u*V,"YLWdfCM%$`o'.24tW`k@o[XlP\+yKb5p8/IG+JUd&yB,^ *yYO=+s+?&2A=bpq8&D7stS,IoI!L$sElLx
2022-03-03 07:35:34 UTC 1216 IN Data Raw: 6a 20 3c d5 fa 78 33 4e b9 b5 32 9a 49 65 40 d9 59 35 b8 a3 0c 99 72 6f 12 85 a8 e0 87 27 25 a2 9e c4 21 a2 a3 68 c1 fa cb be 74 15 d7 d8 77 22 76 4e 52 44 b0 b7 8d 8c 38 6d 04 e3 10 23 0a f8 b1 30 05 3d 63 ca 91 8c e2 64 9c 28 dc a7 81 e3 83 83 ff 17 c2 39 89 3b d7 24 a3 3f 78 5c 4d 01 62 2c 0b 0b 72 ed 98 66 90 b9 7d 1d 53 08 46 ec e8 d4 6f 61 21 09 02 8d a9 6a 2d c0 7d 51 68 92 ff 58 f0 c4 d5 e3 f4 27 42 56 19 3a 35 c6 24 8c 06 f8 ed 8b aa d9 ab 39 e8 2d 24 62 52 82 fa 92 c9 28 92 93 a6 98 1a d6 83 91 13 40 1f 70 58 4e 81 59 e3 34 37 ff be 25 8e 8d ad f5 f5 da bc 6d 71 a3 a6 96 61 e0 a8 38 f8 73 6e 0b 90 7c f0 01 09 b5 42 de 7b 97 c5 90 2a 69 a2 62 e5 67 d4 d4 b1 b9 47 32 1c 95 e3 52 e0 02 f5 bb 30 d9 70 fd 2e 30 b3 e9 23 24 d8 c4 a6 d0 40 d4 51 cd 35 Data Ascii: j <x3N2Ie@Y5ro'%!htw"vNRD8m#0=cd(9;$?x\Mb,rf}SFoa!j-}QhX'BV:5$9-$bR(@pXNY47%mqa8sn|B{*ibgG2R0p.0#$@Q5
2022-03-03 07:35:34 UTC 1217 IN Data Raw: ad 02 a1 fa 8b 09 90 fe a0 3f 1f 8e a6 f3 e9 38 39 06 55 aa 4d d6 1f 95 65 ff 69 b7 f7 7c 5e 9e 76 07 27 f3 a3 41 79 d2 5f 05 44 3d 9c 97 07 74 34 1a 9f ce fb e5 a4 37 1e 9c 91 c7 22 26 91 f2 d0 9e 95 dd 7e 39 5e 85 41 95 3c f2 30 ce c6 a3 d3 b3 69 42 9e b4 cb 90 07 31 2e 7f 9b 0d c6 65 42 1a aa f1 91 87 32 7d 79 56 ae 61 77 3a 59 90 80 3a 1d 8c c7 a3 f1 60 78 dc c8 ee 7c 32 7b 5a d1 08 7e 4a c4 98 08 9d 13 80 c3 72 fa 62 34 7e 0e 72 74 74 54 8e 2b 71 7c 31 38 1a 24 f4 26 52 da 2c a8 dc 01 a9 57 14 65 81 4c ba a7 25 89 0a 35 3a 92 85 f2 a2 e2 d9 fc ac 97 90 26 0d 0b 53 18 a3 d5 55 d4 e3 b1 c9 b2 b3 f1 e0 bc db 7b 39 ef 77 a7 dd f9 6c d2 3d 2e 09 75 4a 9e 3b 4d c0 4c aa b8 9d 36 2e 54 60 41 af 3f 19 1d 27 e6 91 a8 ad 11 8b a7 b3 b3 f9 f9 60 32 78 3a a8 85 Data Ascii: ?89UMei|^v'Ay_D=t47"&~9^A<0iB1.eB2}yVaw:Y:`x|2{Z~Jrb4~rttT+q|18$&R,WeL%5:&SU{9wl=.uJ;ML6.T`A?'`2x:
2022-03-03 07:35:34 UTC 1218 IN Data Raw: 1f 38 fe a9 df ab 35 cb 57 a2 ba db b5 5c d7 77 3d 5b e6 c4 0e 6c cb 73 4f ef 1e b3 5d 5a 3d 8b 27 75 16 7c 1d 39 34 3d db 75 fc c0 76 3c c3 23 7b 8b 47 64 89 a8 36 a8 31 72 74 2b f0 1c 1d 69 37 75 53 b7 7c 12 d7 7d 3c 8f b1 9a 75 ac 65 3b b1 d4 ba 4f a9 d8 f0 47 86 14 16 da 9b f1 a4 33 9a cc 6e a3 fe cd 1b b6 5d c7 2b 86 4c c6 da 95 10 8b 35 d7 ae 71 e3 9b b0 df ab ae ff dc dc 3d 1e 76 fa 6f 7e 2c 2f 94 3f cf 10 c7 76 cd 1e f9 93 58 cf 79 9a 95 01 34 66 e5 3f 1e 45 92 f3 24 97 d1 bc 31 ca b8 1b 63 72 d9 2c 2f bf 84 45 6e b0 8e 6e 50 7a b0 cf 9e 9f 5b 52 33 db 3e 9d 66 e7 af 17 ec 6f 5f 0a ae eb fa 5f 2f b2 2d 4b 9a 7f 30 ed 29 e5 5f 7f fa 72 f6 94 e7 db ec fd c5 45 56 6c b7 22 cd cf 17 65 6e ce 1f c5 e6 e2 f1 90 ca 0b 96 64 bf f2 f4 c2 0c ca ee fc 72 a6 Data Ascii: 85W\w=[lsO]Z='u|94=uv<#{Gd61rt+i7uS|}<ue;OG3n]+L5q=vo~,/?vXy4f?E$1cr,/EnnPz[R3>fo__/-K0)_rEVl"endr
2022-03-03 07:35:34 UTC 1219 IN Data Raw: 6c 45 c2 30 58 68 35 3d 32 b9 4c b1 5b f2 54 ee 58 75 29 3e 5e 15 7d 3e 34 8a e9 59 76 10 60 c4 70 1c 20 33 9d 1a e6 69 55 8e 6c 59 2d 0c 31 14 9b 35 b4 48 e5 c2 93 fc 8a d8 1d fc 61 79 80 43 b2 e3 af d1 4f 7b ae 76 6c 23 9a 60 6b 8e 02 bb 00 76 51 59 60 f7 c0 b1 6c 9f 64 eb a8 1a 8e a1 a2 02 7d 90 bb 6d b9 36 86 2a 07 73 95 67 39 34 db c7 33 92 a8 8d 4c 39 7c f9 36 08 06 a2 4b b7 5d 52 82 d7 3b 09 9e 88 17 29 3f ac 72 f3 3d 62 96 a8 98 b0 cd 77 7d bb 15 9b 1a 03 8a ef 1b 38 3f 0c 44 92 03 64 5a 36 f5 0c 26 57 96 36 05 50 cd dc 2f 80 99 69 fc 50 84 9b 17 18 29 ab 5d d4 e9 f0 e2 93 21 ec 11 3a 36 2d 2a 0c 69 9e f2 32 82 9d ff 37 a3 d6 2b b3 54 23 d3 15 69 7d 7d 54 fa 9d d3 51 9e 8a 02 49 81 6c 17 79 35 25 39 a6 e5 36 3a dd 81 b8 03 f0 99 be 87 d9 1a 60 e5 Data Ascii: lE0Xh5=2L[TXu)>^}>4Yv`p 3iUlY-15HayCO{vl#`kvQY`ld}m6*sg943L9|6K]R;)?r=bw}8?DdZ6&W6P/iP)]!:6-*i27+T#i}}TQIly5%96:`
2022-03-03 07:35:34 UTC 1221 IN Data Raw: 88 fd 37 30 6d e1 a7 0f 69 f5 5b 54 52 65 6b 60 e2 46 bf bb 12 6a 1c 79 50 4a a2 f9 85 67 d5 f1 50 9c c8 73 de 52 a1 4b 7e 94 07 0f 19 7f 40 39 65 e2 6b be e3 a9 76 3f ec bf 93 e7 9b a9 f8 e7 bf 96 f2 14 94 61 4a db c7 f5 d9 54 bf 33 7e c7 2a 69 2f 5f 9c 78 ba ef 5b 3e 54 ac 3c a1 52 ab 65 a2 eb 92 38 2b 2a 8a 4e 78 cb b9 0b f8 3c 93 b0 5b a5 e6 2e ec 45 9d d9 68 30 9d 84 a3 59 a7 d7 8b 26 d1 a0 df b9 9d 75 07 77 77 61 7f 32 3e 7d aa ea 05 18 f5 33 ed 45 83 d9 df a7 9d db 68 f2 e9 d4 83 0a bd 88 87 6e a7 df 0d 6f 67 1f a6 93 c9 a0 4f 63 a0 ef 98 a8 87 41 7f 82 05 20 8a 70 2c d7 74 ea 44 35 88 11 27 bd a8 37 eb 0f 26 b3 c9 88 2c 43 25 24 89 fd 65 18 f6 3e 74 ba 37 b3 f0 ae 13 dd ce 2e a3 f0 b6 77 ea 48 75 10 df ee e8 72 30 ba 9b f5 c2 71 77 14 0d 95 cb 52 Data Ascii: 70mi[TRek`FjyPJgPsRK~@9ekv?aJT3~*i/_x[>T<Re8+*Nx<[.Eh0Y&uwwa2>}3EhnogOcA p,tD5'7&,C%$e>t7.wHur0qwR
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 112 of 135
2022-03-03 07:35:34 UTC 1222 IN Data Raw: 81 e3 05 be e9 99 96 ef 39 81 a9 1f 3f 1d 6e 35 92 7e 7b d6 75 6a 4c a7 09 59 6a 4b f6 61 ee 6e eb 1f 0f a9 b6 a2 e9 4b b2 d4 9e 68 9a d2 d5 36 d1 52 ba 78 ca a7 53 92 69 8f 5c ac 96 9e 5b 5b 52 f1 cf d5 af 62 6d ac ea fa 9e 6b bb ba 65 04 ba e7 1c 2f 1d 95 db 66 b1 39 4d e7 74 46 eb 45 69 50 72 05 b6 e9 db d8 a5 0b 59 df 30 5d cf 32 8e 35 dc 27 33 ca 57 d7 e6 79 fa 42 56 a4 ca cb 92 9b b1 20 5c 8b 63 9a 86 ad bb be 65 19 d0 a5 5b 8e a4 65 98 2c 69 51 d1 94 66 da 92 ac 1f ca 5c ec 68 c6 15 95 e7 da 67 6e 57 f1 c4 9d b2 3c d5 d6 05 7f 66 2a 7c f0 44 b4 fa 0f e4 a9 20 e7 62 61 47 0f 74 ac 6c 7b 86 ee 9b 7e e0 f8 c7 0b 77 77 36 73 09 d7 72 5d df f5 6c e6 36 3b b0 2d cf 3d 96 18 71 7f 2d b9 3d 29 ad a8 10 f5 75 38 db f4 6c d7 f1 03 db f1 0c 4f 4a 8b 6b 92 2d Data Ascii: 9?n5~{ujLYjKanKh6RxSi\[[Rbmke/f9MtFEiPrY0]25'3WyBV \ce[e,iQf\hgnW<f*|D baGtl{~ww6sr]l6;-=q-=)u8lOJk-
2022-03-03 07:35:34 UTC 1223 IN Data Raw: ab e5 b9 16 2a 7c 78 64 d5 6e d7 c0 6d 7c 37 cf 17 64 f6 44 4e b5 c7 1c db 22 9a a0 8f 47 58 8d 6e c8 78 e7 b6 76 eb cc cd 34 f1 77 80 aa 26 ef 59 b2 81 2e 69 b5 d3 7d 56 51 e1 81 60 89 2d 35 66 9e 1d 86 a0 6a 06 98 12 95 73 14 b3 a6 42 8a 19 15 dc 1b 65 cf 79 be 8d 49 cc 02 cf 00 7c a2 c7 a3 54 2d 89 7a 47 ac 0b 24 aa 64 13 b3 92 0d ea 0f a0 b1 18 6e e8 a6 63 01 83 8f 75 dc 15 f9 a2 20 ab c7 64 4a 78 36 b0 df b8 b0 89 1e 86 f1 c6 f6 7c b4 31 d7 36 7c 19 27 b6 c2 79 d5 71 58 12 6d d9 e4 23 c6 3b 16 eb 8a 20 38 1b a2 1a 7a 04 ca 14 4f 79 a6 81 06 22 11 36 14 54 e3 14 bd ab 49 0f 44 22 29 85 a7 2b 69 4a 5a e6 db 4c 8c 47 b6 83 d6 e6 63 20 35 eb 41 d1 f1 15 0d b4 d5 6a 8d 01 67 c9 c6 36 f1 05 aa f9 ee bb 13 19 a3 8e 68 32 81 69 39 68 76 4e a0 2b 96 d4 de e7 Data Ascii: *|xdnm|7dDN"GXnxv4w&Y.i}VQ`-5fjsBeyI|T-zG$dncu dJx6|16|'yqXm#; 8zOy"6TID")+iJZLGc 5Ajg6h2i9hvN+
2022-03-03 07:35:34 UTC 1224 IN Data Raw: 45 4c 31 5d fa ba 65 b8 26 7a 0b 86 6d 4f ee f3 7f 8e a6 35 61 15 a5 32 dd b3 17 66 78 1b 71 5b 72 ea a6 fd b4 4e cf 35 f3 d4 d6 ae ae b7 3b fd 0e fb f4 b3 30 db 73 3d d3 36 41 51 c0 bd 2c 40 b1 34 e5 d4 03 9f aa 0d ef a6 b8 3d a7 3a c8 cc 5a 3d 2b 1e 36 47 19 58 c7 34 c1 64 4d 89 59 a8 e3 2b 26 5d f1 89 08 65 3e 23 27 e0 29 35 91 d6 03 5f 79 03 a9 3e e5 f6 d1 72 82 20 70 6b 9e 63 db 9e 21 83 41 87 6f e2 81 ff 58 08 25 5c da aa a1 de f7 41 b4 5c dd c3 44 28 61 c1 48 60 cf d1 a1 a3 7c e8 ce 7f 6c 8e 46 b1 37 88 bf fc 8b 1b b2 62 7b 7f 5d 47 06 e5 b6 18 46 fb 96 0b 7e 16 d8 81 d4 19 0f 98 a3 0f 92 0b 1a 6d 1b e0 52 8c c6 d9 7f bc ca 36 8c 1e f2 0f 4b 5a 02 b9 f9 63 8b b7 65 f7 fd 89 c8 07 db 35 6c df 36 d0 d6 d1 db 3d 64 d7 b1 2d bf 1d 8c 7f 8c 2d f8 86 13 Data Ascii: EL1]e&zmO5a2fxq[rN5;0s=6AQ,@4=:Z=+6GX4dMY+&]e>#')5_y>r pkc!AoX%\A\D(aH`|lF7b{]GF~mR6KZce5l6=d--
2022-03-03 07:35:34 UTC 1226 IN Data Raw: a3 9b 68 22 15 86 e2 3d f5 03 61 3e 16 62 64 11 84 e1 32 bc 63 28 26 ed 40 f1 92 c1 4e 0b 28 aa e4 2e c5 e5 44 f3 fc 5d 38 1e 4a 02 aa 97 85 77 02 37 a1 0c 5f 8a b7 a9 9b e7 87 51 24 b5 67 d5 f9 5f f3 fc b8 a7 da 82 ea fc bd 91 b8 ef df 8c 6f 25 09 d5 7f f3 79 7d fd 1f 50 4b 07 08 5d 1c 7c 4f 11 10 00 00 16 36 00 00 50 4b 03 04 14 00 08 08 08 00 2a 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 69 64 2f 03 00 50 4b 07 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 29 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 69 64 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e bd 5a db 72 db c8 11 fd 15 44 f1 c3 ee 16 4d e1 7e 71 d6 71 41 24 28 c1 e2 6d 49 50 2a a7 5c c5 1a 8a Data Ascii: h"=a>bd2c(&@N(.D]8Jw7_Q$g_o%y}PK]|O6PK*Q_locales/id/PKPK)Q_locales/id/messages.jsonZrDM~qqA$(mIP*\
2022-03-03 07:35:34 UTC 1227 IN Data Raw: 59 dc 2a d2 76 93 3c 80 b1 d8 43 9c 14 03 53 c6 cb 2a 96 d6 c9 36 8f 4b de 62 5c 6a 2c a3 35 df 56 7e 99 86 0b d0 78 04 57 9b 90 eb 87 1d 04 4b e1 9c 8f dd e1 11 79 5c aa 96 82 20 77 11 08 52 ca e3 2c 5f c3 49 1a ee b3 ca 9f 04 94 48 db d2 a0 cc 13 2e 7a f0 c7 87 3c 2e 6e 97 e3 b9 de 29 a7 16 a5 3c a1 d8 06 b4 cb 27 bd 85 ba 62 18 c2 47 44 85 86 e1 46 f7 51 96 ef db 92 7f 98 cd 6e 1f 2d d8 52 34 ab 7a 31 2d 69 c1 cb 2f 0d b9 ac 91 50 4b 20 eb 34 ca f8 dc f2 fa af 19 4f 04 fc 40 d5 3f b2 56 1d 0e 08 b2 25 44 0d b6 20 4c 73 44 63 1d 2e a2 c7 e2 1e 9e fa 85 3f 7d cd b6 51 5b ea 96 68 b1 ad ea 82 0f d8 3e 2f b9 55 ab 88 f8 5b 98 e5 8f 39 44 20 5b 7d 65 b5 56 58 62 e6 59 61 5b 07 a6 b6 7d 5e 4a a1 1a 8f 43 f6 1c 90 0d c3 30 fc 5f ac 66 b7 4f 96 18 50 79 ae 42 Data Ascii: Y*v<CS*6Kb\j,5V~xWKy\ wR,_IH.z<.n)<'bGDFQn-R4z1-i/PK 4O@?V%D LsDc.?}Q[h>/U[9D [}eVXbYa[}^JC0_fOPyB
2022-03-03 07:35:34 UTC 1228 IN Data Raw: f2 b0 8a 3f c4 b2 2d 6b 8a a9 02 0b a1 fb 2d ca 24 7f 98 9b 91 c1 0b 34 e4 d2 4f e0 2a b6 41 a2 4a 6a 4b 97 2e af fe 2d 7d 41 63 68 f0 ab 9f ab 87 a2 2d 51 d1 ae a3 78 a1 0c 00 1e 44 4b f6 b1 c7 41 cd 7b c5 f3 5f 1e 6f f3 2c e4 8a 54 81 2f 55 85 c0 50 29 05 e5 48 88 3a 98 68 10 38 51 81 b3 0a f5 22 3b 36 e5 df fa 18 c6 e5 e4 5e 5a 01 e4 1c c7 31 0b b2 43 17 af 08 aa 04 09 86 b6 96 65 6f cb ff 4a 3b ad 00 18 db 06 c1 9a b2 05 c5 4c 4a a5 5b 82 c2 f3 d9 cf 73 23 ff 83 a1 5c 30 d9 1f 87 e5 d0 43 1a 07 21 5b 33 c1 ca 8e ee d0 d3 c7 83 20 b0 a1 54 a0 76 74 05 fc ca b9 5b 17 a6 6a d9 9f af 19 ba 45 41 de 16 e9 5a 7a 83 0c 41 9f ac 2b 00 76 a0 bb 85 7d 26 8f 66 51 f5 64 10 86 ad 18 8e 86 e6 cb 86 e6 32 55 7a 8a 5c 6f e4 f3 ab 14 1b 51 75 50 58 a6 a2 18 b2 cc 93 Data Ascii: ?-k-$4O*AJjK.-}Ach-QxDKA{_o,T/UP)H:h8Q";6^Z1CeoJ;LJ[s#\0C![3 Tvt[jEAZzA+v}&fQd2Uz\oQuPX
2022-03-03 07:35:34 UTC 1230 IN Data Raw: e0 9b b7 7a fc d4 f3 08 3d 8b ce e5 ea f1 b3 a1 68 09 a2 d3 e6 da e2 66 d4 9f 0d 88 85 e8 2b e5 a7 a7 ff 00 50 4b 07 08 db d0 86 a4 8f 0e 00 00 6b 2e 00 00 50 4b 03 04 14 00 08 08 08 00 2a 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 69 74 2f 03 00 50 4b 07 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 29 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 69 74 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e bd 5a 69 6f db 48 12 fd 2b 5c 6f 80 39 e0 d8 bc 8f 60 66 07 8c 44 d9 9c c8 92 47 87 83 2c 02 08 6d 89 96 1b 43 91 1a 1e ce 4e 02 ff f7 7d d5 24 6d 45 dd f4 ec 2c 76 e7 8b 2d 5b 5d d5 dd d5 55 ef bd 6a f2 cb 89 a1 1b 7e e0 db 8e 6b d8 be ef 98 ba 63 78 27 6f b4 2f Data Ascii: z=hf+PKk.PK*Q_locales/it/PKPK)Q_locales/it/messages.jsonZioH+\o9`fDG,mCN}$mE,v-[]Uj~kcx'o/
2022-03-03 07:35:34 UTC 1231 IN Data Raw: 67 c3 d9 36 03 1f c2 86 6b 6b 96 21 63 e9 df 80 f5 3a e3 6b d6 64 2b 96 56 b0 2c cb 11 fd 07 ce 9a 53 68 a1 94 81 60 7f 43 9e 97 9c 95 f4 7f 52 21 ad 95 58 c9 9a 14 11 79 e4 d9 3a ad 05 11 97 f9 be 80 b6 f8 a5 c6 f2 9e b3 0d 92 25 81 51 5d f1 94 7f fe cc f0 0d b6 ae 41 c6 a0 48 01 6b 8c 18 9c 2a e8 36 4d 76 1c 3b d8 71 92 5a 05 fd 1f c1 bb ab 33 31 e9 99 16 6b 1b 5a 21 8c cb 5c ec a6 5d f3 29 2d 7a 97 6f 72 2d 29 f7 29 70 12 33 60 76 50 59 8d 8f a7 58 15 f6 57 01 14 52 32 2f 13 00 07 c6 a6 a4 88 ca aa a0 5f c5 ae 89 2c c3 32 f8 03 5b ff 8e c9 c8 37 8d fb ed 68 33 6c bd 16 e9 4a 31 68 55 04 2a a3 64 4f fb 2b d2 76 83 e9 d3 4e 5a f1 97 88 6d 62 0a fa b5 c9 c9 4b 8e f5 14 0f 10 9b 4d 41 da d0 b6 16 08 02 d5 0c 7c 46 aa 59 b2 54 aa 73 04 29 e5 3b 9e b1 46 fb Data Ascii: g6kk!c:kd+V,Sh`CR!Xy:%Q]AHk*6Mv;qZ31kZ!\])-zor-))p3`vPYXWR2/_,2[7h3lJ1hU*dO+vNZmbKMA|FYTs);F
2022-03-03 07:35:34 UTC 1232 IN Data Raw: d4 2d 20 ad a7 7b 1e b5 c2 f8 20 61 d4 90 97 6d 66 09 be 6a cc 3c 52 1c 8e 81 d3 42 ef 01 98 96 5b 79 48 ba ac de 51 06 d1 45 07 2b aa 64 cd 51 85 88 3b a1 26 9a 58 ed b9 ca 90 33 da 8e 04 5e 26 c4 59 25 ee 62 d3 6f 3a 81 dd 4c 09 a1 ef eb 96 e1 9a 00 53 74 2b 9e cc 4d 3d 1a 80 98 9f 37 cc 8f b5 50 57 9d 68 df b2 0d da be 64 b7 07 01 9b a7 b6 76 71 f9 19 b6 0e fd fe ae 9d 0e 9d 94 69 9b a0 43 d0 ba 05 90 91 44 ee 98 ce 1d 6d f4 e1 05 72 c3 ec 5f 93 bd f0 47 39 4a ba d9 80 63 d3 84 9e 31 25 6a 9b 71 29 ce e8 74 88 06 c1 88 42 37 e9 81 af e6 f7 ee 4e e9 c0 12 18 19 04 81 2b e8 d4 b6 3d 43 ae 28 1c 2c e5 14 cf ea d6 c4 12 c8 e4 fb a0 6e 57 f7 20 ee a5 6a 1a b6 f0 21 3a fc a7 59 9f ef 11 fe 5a 22 50 2c f8 af 63 02 48 2e 8b f0 ca b7 5c d0 7c 60 07 12 3c 7f 25 Data Ascii: - { amfj<RB[yHQE+dQ;&X3^&Y%bo:LSt+M=7PWhdvqiCDmr_G9Jc1%jq)tB7N+=C(,nW j!:YZ"P,cH.\|`<%
2022-03-03 07:35:34 UTC 1233 IN Data Raw: 32 7f af 28 1f c5 eb 58 07 2e 2e c3 c9 05 a4 cb 2a 9e 84 28 9b 1b 69 05 aa bb 5c a5 f9 0d aa 4d 96 4e 8a b7 28 14 d6 6d 07 20 b7 8a f2 23 32 85 f5 22 5e 8c a3 95 54 18 8a 57 0d 0f 8c 9b b6 10 2d 4b 2b 18 06 e1 35 a1 98 b4 03 c5 c3 db 27 2f 90 a8 52 b8 14 37 e6 dd f8 eb 70 39 97 0c 54 6f b2 3d 19 8c 43 19 be 14 ef f1 75 e3 e7 51 24 d1 b3 ea 0a ae 1b bf 9c a8 b6 a0 ba 8b ee 2c 6e a6 e3 e5 95 64 a1 7a 17 fb f1 f1 df 50 4b 07 08 35 c9 27 78 2c 0f 00 00 5d 2f 00 00 50 4b 03 04 14 00 08 08 08 00 2a 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 69 77 2f 03 00 50 4b 07 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 29 8c 04 51 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 69 Data Ascii: 2(X..*(i\MN(m #2"^TW-K+5'/R7p9To=CuQ$,ndzPK5'x,]/PK*Q_locales/iw/PKPK)Q_locales/i
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 113 of 135
2022-03-03 07:35:34 UTC 1235 IN Data Raw: ec 9e a2 a1 4f cd d5 3c 24 44 ec 4b f5 39 af c9 4b 80 9a 10 2a e0 d3 02 fb 36 26 3a 72 ce c2 d4 2b 15 44 3f c1 41 75 da 4a 5b 1a 27 ad 68 85 9e ac d0 46 49 ad 04 53 f0 5c 40 be 4c 4a 10 91 7e b2 8b 7c 6e 4d 02 95 0c 24 6b e0 39 81 7d b2 56 6e b3 5e ac 0c c7 b9 62 80 03 2d c0 db 14 f6 0d 10 6e 12 31 11 ec 03 38 d8 36 d6 fd 03 ba 0b 81 2b 0f 1f 69 e4 1c 0e 49 fd f8 b2 e1 a2 54 3c e7 cc 8a 32 fa 0b 0a 99 36 fe ec 62 c7 3c a0 e9 c5 11 81 dd 0e 25 71 17 54 e6 ad 1a 2b ee c6 6f 40 d6 88 41 c0 79 e0 fb 94 2f d4 7f df c5 77 89 95 7f ae e1 89 2e 20 a1 5d 5c 03 6c 91 8d a3 f8 11 46 11 5c 4f 79 cb bc 48 84 22 8e 57 36 ba 22 ee 39 15 14 66 b3 89 21 38 af 61 d7 2b b0 2c 38 c7 f1 95 33 b9 5b 2f 43 6e 09 14 a6 31 87 b5 ab a7 a1 8d 63 6e 3d 87 77 3b 83 eb 50 7c dd f1 83 Data Ascii: O<$DK9K*6&:r+D?AuJ['hFIS\@LJ~|nM$k9}Vn^b-n186+iIT<26b<%qT+o@Ay/w. ]\lF\OyH"W6"9f!8a+,83[/Cn1cn=w;P|
2022-03-03 07:35:34 UTC 1236 IN Data Raw: c6 4d f2 5a 13 8d 01 35 68 fc ae fe 3d c5 02 60 b4 82 5c de 33 5a 02 09 7c 4d db c5 2b c3 13 c8 64 e5 8c 0d 00 48 53 0e 85 24 32 c8 1d 3f 05 65 62 13 f9 6b 0a aa 9c c4 12 4a 43 d1 0a 5e aa 23 67 be b8 37 73 e9 c5 81 af 08 f3 de 96 9f 23 7b bc fc de e7 ec a1 d4 df ef 98 3d d1 46 5b c0 10 09 87 fc 0a 51 1c d2 ec 56 bf f7 a2 1a 8e 27 b5 e9 bb ad 4c b8 82 e4 60 a1 6c 13 46 4b 46 18 c3 66 c2 44 7b 20 41 71 d4 3b d8 ac 9f 68 01 b6 a4 52 5a 40 30 e0 77 c6 b2 4d 23 5e 09 b2 f8 06 5f ef b5 82 3f 06 87 5c fe Data Ascii: MZ5h=`\3Z|M+dHS$2?ebkJC^#g7s#{=F[QV'L`lFKFfD{ Aq;hRZ@0wM#^_?\
2022-03-03 07:35:34 UTC 1236 IN Data Raw: 38 5e a4 11 7b e1 ba f1 f8 82 73 ee f6 96 54 f2 7c 16 1a c4 15 31 79 5c 47 78 ab c3 63 1c af 1d 49 1c 05 44 72 b0 1f 3c bc 4c 1c 3e 82 a8 a0 c2 16 b9 5b 88 52 a1 df d2 76 6d ea 36 2e 91 a8 ca 03 a9 c4 3b 50 09 9b 96 5e 23 57 62 5b 0c 5a ac 9e 2d fa 43 92 98 13 af e2 b6 c1 93 b6 f4 0c e3 e7 06 ce 60 5d a8 b5 36 4d 98 e0 65 13 11 70 98 82 bc fd cc 86 88 37 ba 50 0f f1 a5 1c 82 0e 04 6f 06 f0 15 7c 95 41 48 d8 8a f9 bd 21 d0 98 12 0a 94 6f 70 cb df ab 74 d7 c6 46 f7 50 4d fe ba 61 cf 24 65 ff a7 2c 9d b8 62 f4 41 f6 1a 5e 0b 6a cf cd 0e f7 cd 40 6d 55 a0 6e 87 6c 7f 4d 01 1b aa e7 99 f5 6b 93 02 c0 90 24 40 be 94 a5 69 79 f2 0f 5f 36 00 29 af 1f eb cc 27 2d 4b 67 cd c1 12 15 57 00 1c a9 19 07 b2 63 e9 35 26 71 68 08 c7 74 8a 70 94 c3 31 31 5f bf f5 a9 b5 bf Data Ascii: 8^{sT|1y\GxcIDr<L>[Rvm6.;P^#Wb[Z-C`]6Mep7Po|AH!optFPMa$e,bA^j@mUnlMk$@iy_6)'-KgWc5&qhtp11_
2022-03-03 07:35:34 UTC 1237 IN Data Raw: 86 22 54 d1 88 24 79 a2 e5 44 91 18 74 42 f8 15 be f1 49 ad 1c be 0d 43 7c f8 f6 13 b5 72 94 95 01 96 90 9b 1a 2c a4 08 44 96 53 af b9 c5 96 57 ae 16 c4 52 a2 24 88 12 a0 f2 03 35 1a 11 25 30 9e 82 a7 86 d1 90 2a 54 29 1a 15 1e 7a 33 3d 98 0d 47 b3 ac 04 36 a1 39 86 93 d2 51 42 a5 7d 0f 4f b3 10 08 13 ff 67 22 4a a4 9f 75 26 53 c8 55 25 e0 cb 88 a8 1b ce 60 46 49 41 aa 08 8d 9a 7a 19 30 4a 01 80 eb 2f 10 7d c0 4f 63 c9 8b 7a d7 94 22 57 e7 af 0d 71 95 98 41 8b d3 e9 8f b2 ec b7 30 99 51 ff 4f 25 4e 84 0a ce c4 fb b7 1b 08 8c 60 af 42 41 c2 61 b8 38 89 5f b2 d1 db 10 10 10 5d d6 38 89 48 86 a0 06 69 37 10 21 32 04 35 40 13 a7 50 43 93 30 ed 86 ff d4 63 03 8d 09 e0 cd d0 64 a9 b1 a0 38 91 e9 e0 ac 33 e9 1e 52 46 46 8d 03 50 84 de 0d a7 50 a1 0f c6 67 84 fb Data Ascii: "T$yDtBIC|r,DSWR$5%0*T)z3=G69QB}Og"Ju&SU%`FIAz0J/}Ocz"WqA0QO%N`BAa8_]8Hi7!25@PC0cd83RFFPPg
2022-03-03 07:35:35 UTC 1239 IN Data Raw: f2 9a 48 a9 98 42 43 68 ca 5a f2 2e 01 ca 90 a4 a1 56 c1 6a 62 21 4b 4b c5 18 ac 4f ea da e7 73 50 64 3e ca 41 93 8b f9 cf 9f 3e dc 5e 15 1f 7e be ac eb eb ea e6 19 1d fc 4a 3e 7b e3 d5 11 83 a4 cb 06 21 6f ae cd 97 5f e9 e7 cf d3 d9 c9 70 92 ff 91 cd be 0c ba 78 6f 32 71 5c 2c ef a4 c5 0e d2 22 34 38 db 80 0e dc 1f 65 f1 e0 0d 2e 6f de 55 57 f7 db e3 9f 5f bb c7 97 a0 7f 21 a0 36 10 0a fe c7 20 4d 2b 82 d4 db 2e b3 0f 1e 0f c6 17 e3 b0 10 3c 97 50 28 d3 16 cc 66 b9 e2 0c 31 3c 6c ed 57 86 c0 33 a2 ab dd a5 ed 80 47 00 24 01 9c b8 ec ad 98 95 ce 5d f4 16 48 48 b1 86 bf cd ba 6a 9c c6 40 45 27 44 73 ae 61 6b c6 39 67 d8 de 3b f5 88 19 4a 04 05 20 a0 2d 94 70 aa a1 16 22 f5 8c 9a 8d 43 03 0d 18 e1 e0 dd 46 29 a6 8c a0 04 6a 82 a5 c8 1a e0 d9 db a5 e0 1d a0 Data Ascii: HBChZ.Vjb!KKOsPd>A>^~J>{!o_pxo2q\,"48e.oUW_!6 M+.<P(f1<lW3G$]HHj@E'Dsak9g;J -p"CF)j
2022-03-03 07:35:35 UTC 1240 IN Data Raw: d5 f5 bb cb cb 9b 30 b1 95 8c ab 76 28 28 b9 02 1b 2a 66 b4 06 3c 60 89 a4 48 46 81 de 81 b6 90 4f fb ce 45 aa 3a c4 bd 6c a8 68 29 dd f0 5f 5a 4b 5d d3 8c cd 4d f0 b3 83 c1 e3 c1 8b 71 43 c4 48 88 5c 6e ac 54 d0 db 4b 95 b6 de e7 a3 10 03 06 9b ed 07 40 07 56 33 83 57 ef 1f 1f bf f7 3f dc eb 1c ac dc 3f c4 49 93 57 73 2a 27 85 20 e0 16 9a 29 03 ca d2 44 50 f4 b8 ea 5e 69 e1 a1 09 a1 72 01 ce 5c c3 62 42 b1 08 c9 3b 1d 2a 34 7c 1f 2e 4b 52 80 2c d6 70 f8 2f 54 6d 4a 2c 2a 48 dc 63 e0 67 70 db f1 3a 3a 1e 08 e7 3d d2 d4 a4 8b b6 be dc d2 0b df 83 20 07 eb d2 56 28 25 09 17 0a 82 89 b8 13 10 a1 50 20 de cb 41 54 d7 ca 78 16 a0 a2 bf e3 5a d6 64 ea c1 72 76 3a 68 05 54 b2 c1 de d1 f0 e6 4e 5b 18 a9 18 a1 50 ce 99 85 62 a8 2c 7a d6 1b 1b 60 1d 25 ca 78 18 71 Data Ascii: 0v((*f<`HFOE:lh)_ZK]MqCH\nTK@V3W??IWs*' )DP^ir\bB;*4|.KR,p/TmJ,*Hcgp::= V(%P ATxZdrv:hTN[Pb,z`%xq
2022-03-03 07:35:35 UTC 1241 IN Data Raw: e9 2c c7 f9 74 f5 fb 72 78 9a 2f 5e ef 53 c0 aa 61 42 61 34 9c 8c b2 d3 d5 f3 e5 62 31 9d a4 3c a4 97 5d 53 0a d3 c9 02 04 00 2e b2 b9 93 69 9f 08 36 4e 4c 88 8c f3 f1 6a 32 5d ac 16 b3 44 0c ac 43 4e d6 1f 67 d9 f8 f9 70 f4 72 95 9d 0d f3 d3 d5 71 9e 9d 8e f7 09 61 d7 dd fa 09 1d 4f 67 67 ab 71 36 1f cd f2 73 54 2c e4 6c ab 9f da 8b 6c 38 ce 66 fb 34 b0 ce a9 9f c6 f9 6c 7a 76 be 48 d4 93 8e 6f fa 49 cc b2 df 97 f9 2c 4b 54 83 4d 8e fa a9 2c 5e 9f 67 07 cc 9d 0e f7 13 52 67 f9 6c 36 9d e5 93 93 d6 77 57 f3 e5 73 a7 23 f8 2a 71 63 04 48 25 04 27 d9 e2 d5 74 f6 12 fc e8 f8 38 9b 39 77 7c 95 1f e7 89 be 11 ac de 4b aa 4f 40 ec 9d a2 5e 22 f3 e1 59 86 b2 82 9d d3 f4 52 79 e5 6c b6 3a 1f 25 aa 49 f1 4d 4a 63 ba bf 0a bb 5a 9a 2c 3b 9f e5 17 c3 d1 eb d5 78 b8 Data Ascii: ,trx/^SaBa4b1<]S.i6NLj2]DCNgprqaOggq6sT,ll8f4lzvHoI,KTM,^gRgl6wWs#*qcH%'t89w|KO@^"YRyl:%IMJcZ,;x
2022-03-03 07:35:35 UTC 1242 IN Data Raw: 67 39 8e 47 8a 49 9e 6e 7d 8a 69 91 39 64 e2 78 dc 73 5c a0 b1 a0 8d f2 06 94 ad 80 0b 7a a9 0a a7 25 7b 59 74 cc 2b bb 56 a6 24 b0 e5 5a 3a 73 85 f4 6e ae b1 a0 37 b9 30 b3 71 0b 56 29 69 44 e1 b5 96 b0 11 a1 2d bf 85 fa 50 5e d5 54 a6 54 e0 44 1c d1 4a 66 2a 27 3f 2c 82 e3 d6 fa bf e9 72 93 d2 5a e3 ee df 4b 74 4a 2a d9 79 94 46 dc 26 b6 d3 48 bb b1 00 29 7e 12 ee f2 38 f1 c5 8a 20 80 31 c6 49 e1 95 0f d6 b3 ce c0 93 4d c7 5d 25 01 17 ba 28 7c e1 4c a5 5b 26 18 ed 8a 3c 77 e7 aa 69 3c d5 56 23 15 2f 40 39 95 33 85 f5 c1 58 27 1d eb 98 f0 f5 23 e3 13 95 e5 9a fa ca ba 13 5d 2b 74 70 56 80 ca 2b a1 84 f6 5b ce 18 9d dc ca 85 b4 1e 0d 47 ed c1 68 72 de ed bd 7c d4 3a bb be 7e f7 61 d1 7a 71 fd 47 74 18 be d8 bc fa 5a 18 2b b7 91 58 8f f6 99 94 65 f9 a8 ec Data Ascii: g9GIn}i9dxs\z%{Yt+V$Z:sn70qV)iD-P^TTDJf*'?,rZKtJ*yF&H)~8 1IM]%(|L[&<wi<V#/@93X'#]+tpV+[Ghr|:~azqGtZ+Xe
2022-03-03 07:35:35 UTC 1244 IN Data Raw: 99 6e ef ad a6 8f c2 7a c1 74 99 a9 4c 37 8f 38 5f b3 ef 50 30 b2 51 d5 cb d9 e8 3e 3a 78 b8 65 61 e6 53 ef da 54 c4 bd 4d 31 29 56 8a 04 0d 95 9b f2 92 cd 55 3c 93 b8 d2 41 71 d1 0a a7 79 38 f4 26 5f 8f af b9 c0 87 38 f0 6a 53 64 3b 0d 98 97 64 3a 5f 9f aa 51 be 6b 14 56 91 48 9b 6c a2 55 38 89 44 8d 15 36 57 d1 4f 8b 8b ed c6 b0 77 09 ef 70 7d fd b9 4e ec 10 f5 8f 32 53 eb 9f 06 fb 78 3f c3 48 e5 d9 fa 78 14 cd 4f e9 3e b7 2b 66 23 64 a2 1e d4 5e 27 3e d8 85 65 1d 48 50 eb 43 06 2a ff 94 12 3d bc 34 11 77 a9 db 4c 9f 04 22 95 04 29 6a 0e 78 45 be d8 e1 36 9b 06 bc 79 a0 ed 8d af 79 03 bd c6 54 d1 48 e3 b5 10 02 92 5f 07 79 11 24 df 7c eb 33 0b b8 be 3f 23 6e 6c 34 2e 9b 6f 57 8c 39 52 7e 52 bb 6b a6 8a bf a5 53 16 1a f2 37 5d e5 60 42 59 0d 39 3e 7b 4a Data Ascii: nztL78_P0Q>:xeaSTM1)VU<Aqy8&_8jSd;d:_QkVHlU8D6WOwp}N2Sx?HxO>+f#d^'>eHPC*=4wL")jxE6yyTH_y$|3?#nl4.oW9R~RkS7]`BY9>{J
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 114 of 135
2022-03-03 07:35:35 UTC 1245 IN Data Raw: 87 1c 98 b9 50 1c f9 49 51 ae 91 ab 2e 0e 1c e1 d8 91 16 61 5e 44 0e a7 78 80 a3 37 42 95 5c 5b f7 5b fb 23 39 d4 be 9a 47 f8 fe 33 ee 3f f4 95 f5 fc 0d 90 b1 df 3c ce 3e 35 b4 ac 8b c7 0d ab 46 ab 7c be 79 b9 1f dd 21 d9 31 e3 15 d0 24 1e 16 44 16 ed a5 16 08 20 74 57 08 25 ab fe 33 a4 73 06 60 33 eb 25 91 a7 a1 c8 ad d1 4a a4 9e d8 49 08 38 00 36 04 a4 de e0 8a 05 84 83 0c 4c bb 2f 1a e7 eb 23 91 f5 58 b1 b0 6e e0 5b 0b 56 19 30 cf b7 a6 1b fa 2e 81 22 8d 6a ea 23 4e 27 a9 67 4c 12 00 ee f8 a2 ea 43 55 15 3b 69 04 1d 02 c7 b5 53 74 c8 87 cc 26 37 ca a8 ff 42 79 e5 c3 54 67 a9 10 f6 2c ce ae 30 0e 18 91 86 6c d3 09 e7 aa 79 7c 78 c3 27 6b 18 af 46 fd 6c dc a0 17 69 b9 aa 46 6c 25 58 a4 91 06 f2 57 7a 07 03 ee 1e ef b0 95 ed d1 3b c9 06 c9 2c 15 0f b7 76 Data Ascii: PIQ.a^Dx7B\[[#9G3?<>5F|y!1$D tW%3s`3%JI86L/#Xn[V0."j#N'gLCU;iSt&7ByTg,0ly|x'kFliFl%XWz;,v
TimestampkBytestransferred
Direction Data
Session ID: 32
Source IP: 192.168.2.3
Source Port: 49805
Destination IP: 208.42.248.224
Destination Port: 443
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:35 UTC | 1246 | OUT |
    GET /images/favicon.ico HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
    Host: www.officefootballpool.com
2022-03-03 07:35:35 UTC | 1247 | IN |
    HTTP/1.1 200 OK
    Content-Type: image/x-icon
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Mon, 14 Mar 2011 15:40:00 GMT
    Accept-Ranges: bytes
    ETag: "7a2746145ee2cb1:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:32 GMT
    Connection: close
    Content-Length: 1150

Session ID: 33
Source IP: 192.168.2.3
Source Port: 49806
Destination IP: 208.42.248.224
Destination Port: 443
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:35 UTC | 1246 | OUT |
    GET /themes/theme-0-1/ofpLogo.svg HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
    Host: www.officefootballpool.com
2022-03-03 07:35:35 UTC | 1248 | IN |
    HTTP/1.1 200 OK
    Content-Type: image/svg+xml
    Expires: Sat, 15 Feb 2025 00:00:00 GMT
    Last-Modified: Tue, 22 Sep 2020 22:18:03 GMT
    Accept-Ranges: bytes
    ETag: "8cbf203d2e91d61:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:32 GMT
    Connection: close
    Content-Length: 1855
2022-03-03 07:35:35 UTC | 1248 | IN | Data Ascii:
    <?xml version="1.0" encoding="utf-8"?>
    <!-- Generator: Adobe Illustrator 18.1.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
    <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
    <svg version="1.1
Session ID Source IP Source Port Destination IP Destination Port Process
34 192.168.2.3 49809 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:35 UTC 1250 OUT GET /themes/theme-0-1/ofpLogoText.svg?v=3 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
    Host: www.officefootballpool.com
2022-03-03 07:35:35 UTC 1251 IN HTTP/1.1 200 OK
    Content-Type: image/svg+xml
    Expires: Sat, 15 Feb 2025 00:00:00 GMT
    Last-Modified: Tue, 22 Sep 2020 22:18:03 GMT
    Accept-Ranges: bytes
    ETag: "8cbf203d2e91d61:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:32 GMT
    Connection: close
    Content-Length: 5670
Session ID Source IP Source Port Destination IP Destination Port Process
35 192.168.2.3 49810 208.42.248.224 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:35 UTC 1250 OUT GET /images/homepage/startapoolBG_2019.png HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
    Host: www.officefootballpool.com
2022-03-03 07:35:36 UTC 1256 IN HTTP/1.1 200 OK
    Content-Type: image/png
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Mon, 24 Jun 2019 21:13:38 GMT
    Accept-Ranges: bytes
    ETag: "218e1cb1d12ad51:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:32 GMT
    Connection: close
    Content-Length: 87451
Session ID Source IP Source Port Destination IP Destination Port Process
4 192.168.2.3 49765 104.16.18.94 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:29 UTC 43 OUT GET /ajax/libs/popper.js/1.14.7/umd/popper.min.js HTTP/1.1
    Host: cdnjs.cloudflare.com
    Connection: keep-alive
    Origin: https://www.officefootballpool.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:29 UTC 44 IN HTTP/1.1 200 OK
    Date: Thu, 03 Mar 2022 07:35:29 GMT
    Content-Type: application/javascript; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=30672000
    ETag: W/"5eb03fa9-520c"
    Last-Modified: Mon, 04 May 2020 16:15:37 GMT
    cf-cdnjs-via: cfworker/kv
    Cross-Origin-Resource-Policy: cross-origin
    Timing-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    CF-Cache-Status: HIT
    Age: 1208878
    Expires: Tue, 21 Feb 2023 07:35:29 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yq6WU2AdDUvlV2EjAwzin1a5Lu84FagaxP%2BE%2FPZ4MzB%2Bcu3DmaDxLLOguR3epzFdACTYk7G2pnFBNY1EtGrBdBmS%2BtZJdt%2F05BM69S1KYE6%2F15ZFeIO1iTU8k3UOjbQsZR6NqUn7"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    Strict-Transport-Security: max-age=15780000
    Server: cloudflare
    CF-RAY: 6e60b216bf3c9b34-FRA
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Session ID Source IP Source Port Destination IP Destination Port Process
5 192.168.2.3 49769 104.18.10.207 443 C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp kBytes transferred Direction Data
2022-03-03 07:35:29 UTC 43 OUT GET /bootstrap/4.3.1/js/bootstrap.min.js HTTP/1.1
    Host: stackpath.bootstrapcdn.com
    Connection: keep-alive
    Origin: https://www.officefootballpool.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:29 UTC 65 IN HTTP/1.1 200 OK
    Date: Thu, 03 Mar 2022 07:35:29 GMT
    Content-Type: application/javascript; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Vary: Accept-Encoding
    CDN-PullZone: 252412
    CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
    CDN-RequestCountryCode: DE
    CDN-EdgeStorageId: 601
    CDN-EdgeStorageId: 617
    CDN-EdgeStorageId: 617
    Last-Modified: Mon, 25 Jan 2021 22:04:08 GMT
    CDN-CachedAt: 2021-08-02 21:50:12
    CDN-RequestPullSuccess: True
    CDN-RequestPullCode: 200
    Cache-Control: public, max-age=31919000
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    access-control-allow-origin: *
    x-content-type-options: nosniff
    CDN-RequestId: 2ec235be1978d603b1d339993a0ab3d8
    CDN-Status: 200
    CDN-Cache: HIT
    CF-Cache-Status: HIT
    Age: 213284
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 6e60b216cbc690d4-FRA
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2022-03-03 07:35:29 UTC 66 IN Data Raw: 37 62 63 32 0d 0a 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 33 2e 31 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 39 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 Data Ascii: 7bc2/*! * Bootstrap v4.3.1 (https://getbootstrap.com/) * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */!function(
Copyright Joe Security LLC 2022 Page 120 of 135
2022-03-03 07:35:29 UTC 109 IN Data Raw: 72 2e 44 65 66 61 75 6c 74 2c 65 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 74 3f 74 3a 7b 7d 29 29 2e 64 65 6c 61 79 26 26 28 74 2e 64 65 6c 61 79 3d 7b 73 68 6f 77 3a 74 2e 64 65 6c 61 79 2c 68 69 64 65 3a 74 2e 64 65 6c 61 79 7d 29 2c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 74 2e 74 69 74 6c 65 26 26 28 74 2e 74 69 74 6c 65 3d 74 2e 74 69 74 6c 65 2e 74 6f 53 74 72 69 6e 67 28 29 29 2c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 74 2e 63 6f 6e 74 65 6e 74 26 26 28 74 2e 63 6f 6e 74 65 6e 74 3d 74 2e 63 6f 6e 74 65 6e 74 2e 74 6f 53 74 72 69 6e 67 28 29 29 2c 5f 2e 74 79 70 65 43 68 65 63 6b 43 6f 6e 66 69 67 28 62 65 2c 74 2c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 44 65 66 61 75 6c 74 54 79 70 65 29 2c Data Ascii: r.Default,e,"object"==typeof t&&t?t:{})).delay&&(t.delay={show:t.delay,hide:t.delay}),"number"==typeof t.title&&(t.title=t.title.toString()),"number"==typeof t.content&&(t.content=t.content.toString()),_.typeCheckConfig(be,t,this.constructor.DefaultType),
2022-03-03 07:35:29 UTC 110 IN Data Raw: 65 7d 7d 2c 7b 6b 65 79 3a 22 4e 41 4d 45 22 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 65 7d 7d 2c 7b 6b 65 79 3a 22 44 41 54 41 5f 4b 45 59 22 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 65 7d 7d 2c 7b 6b 65 79 3a 22 45 76 65 6e 74 22 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 52 65 7d 7d 2c 7b 6b 65 79 3a 22 45 56 45 4e 54 5f 4b 45 59 22 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 44 65 7d 7d 2c 7b 6b 65 79 3a 22 44 65 66 61 75 6c 74 54 79 70 65 22 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6b 65 7d 7d 5d 29 2c 69 7d 28 29 3b 67 2e 66 6e 5b 62 65 5d 3d 42 65 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2c 67 2e 66 Data Ascii: e}},{key:"NAME",get:function(){return be}},{key:"DATA_KEY",get:function(){return Ie}},{key:"Event",get:function(){return Re}},{key:"EVENT_KEY",get:function(){return De}},{key:"DefaultType",get:function(){return ke}}]),i}();g.fn[be]=Be._jQueryInterface,g.f
2022-03-03 07:35:29 UTC 112 IN Data Raw: 2e 74 69 70 3d 74 68 69 73 2e 74 69 70 7c 7c 67 28 74 68 69 73 2e 63 6f 6e 66 69 67 2e 74 65 6d 70 6c 61 74 65 29 5b 30 5d 2c 74 68 69 73 2e 74 69 70 7d 2c 6f 2e 73 65 74 43 6f 6e 74 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 67 28 74 68 69 73 2e 67 65 74 54 69 70 45 6c 65 6d 65 6e 74 28 29 29 3b 74 68 69 73 2e 73 65 74 45 6c 65 6d 65 6e 74 43 6f 6e 74 65 6e 74 28 74 2e 66 69 6e 64 28 6e 6e 29 2c 74 68 69 73 2e 67 65 74 54 69 74 6c 65 28 29 29 3b 76 61 72 20 65 3d 74 68 69 73 2e 5f 67 65 74 43 6f 6e 74 65 6e 74 28 29 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 28 65 3d 65 2e 63 61 6c 6c 28 74 68 69 73 2e 65 6c 65 6d 65 6e 74 29 29 2c 74 68 69 73 2e 73 65 74 45 6c 65 6d 65 6e 74 43 6f 6e 74 65 6e 74 28 74 2e 66 Data Ascii: .tip=this.tip||g(this.config.template)[0],this.tip},o.setContent=function(){var t=g(this.getTipElement());this.setElementContent(t.find(nn),this.getTitle());var e=this._getContent();"function"==typeof e&&(e=e.call(this.element)),this.setElementContent(t.f
2022-03-03 07:35:29 UTC 113 IN Data Raw: 6d 62 65 72 22 2c 6d 65 74 68 6f 64 3a 22 73 74 72 69 6e 67 22 2c 74 61 72 67 65 74 3a 22 28 73 74 72 69 6e 67 7c 65 6c 65 6d 65 6e 74 29 22 7d 2c 64 6e 3d 7b 41 43 54 49 56 41 54 45 3a 22 61 63 74 69 76 61 74 65 22 2b 63 6e 2c 53 43 52 4f 4c 4c 3a 22 73 63 72 6f 6c 6c 22 2b 63 6e 2c 4c 4f 41 44 5f 44 41 54 41 5f 41 50 49 3a 22 6c 6f 61 64 22 2b 63 6e 2b 22 2e 64 61 74 61 2d 61 70 69 22 7d 2c 67 6e 3d 22 64 72 6f 70 64 6f 77 6e 2d 69 74 65 6d 22 2c 5f 6e 3d 22 61 63 74 69 76 65 22 2c 6d 6e 3d 27 5b 64 61 74 61 2d 73 70 79 3d 22 73 63 72 6f 6c 6c 22 5d 27 2c 70 6e 3d 22 2e 6e 61 76 2c 20 2e 6c 69 73 74 2d 67 72 6f 75 70 22 2c 76 6e 3d 22 2e 6e 61 76 2d 6c 69 6e 6b 22 2c 79 6e 3d 22 2e 6e 61 76 2d 69 74 65 6d 22 2c 45 6e 3d 22 2e 6c 69 73 74 2d 67 72 6f 75 Data Ascii: mber",method:"string",target:"(string|element)"},dn={ACTIVATE:"activate"+cn,SCROLL:"scroll"+cn,LOAD_DATA_API:"load"+cn+".data-api"},gn="dropdown-item",_n="active",mn='[data-spy="scroll"]',pn=".nav, .list-group",vn=".nav-link",yn=".nav-item",En=".list-grou
2022-03-03 07:35:29 UTC 115 IN Data Raw: 28 74 29 7b 65 2e 5f 6f 66 66 73 65 74 73 2e 70 75 73 68 28 74 5b 30 5d 29 2c 65 2e 5f 74 61 72 67 65 74 73 2e 70 75 73 68 28 74 5b 31 5d 29 7d 29 7d 2c 74 2e 64 69 73 70 6f 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 72 65 6d 6f 76 65 44 61 74 61 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2c 6c 6e 29 2c 67 28 74 68 69 73 2e 5f 73 63 72 6f 6c 6c 45 6c 65 6d 65 6e 74 29 2e 6f 66 66 28 63 6e 29 2c 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 73 63 72 6f 6c 6c 45 6c 65 6d 65 6e 74 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 63 6f 6e 66 69 67 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 73 65 6c 65 63 74 6f 72 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 6f 66 66 73 65 74 73 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 74 61 72 67 65 74 73 3d 6e 75 6c 6c 2c 74 Data Ascii: (t){e._offsets.push(t[0]),e._targets.push(t[1])})},t.dispose=function(){g.removeData(this._element,ln),g(this._scrollElement).off(cn),this._element=null,this._scrollElement=null,this._config=null,this._selector=null,this._offsets=null,this._targets=null,t
2022-03-03 07:35:29 UTC 116 IN Data Raw: 63 74 69 76 65 54 61 72 67 65 74 21 3d 3d 74 68 69 73 2e 5f 74 61 72 67 65 74 73 5b 6f 5d 26 26 74 3e 3d 74 68 69 73 2e 5f 6f 66 66 73 65 74 73 5b 6f 5d 26 26 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 74 68 69 73 2e 5f 6f 66 66 73 65 74 73 5b 6f 2b 31 5d 7c 7c 74 3c 74 68 69 73 2e 5f 6f 66 66 73 65 74 73 5b 6f 2b 31 5d 29 26 26 74 68 69 73 2e 5f 61 63 74 69 76 61 74 65 28 74 68 69 73 2e 5f 74 61 72 67 65 74 73 5b 6f 5d 29 7d 7d 7d 2c 74 2e 5f 61 63 74 69 76 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 69 73 2e 5f 61 63 74 69 76 65 54 61 72 67 65 74 3d 65 2c 74 68 69 73 2e 5f 63 6c 65 61 72 28 29 3b 76 61 72 20 74 3d 74 68 69 73 2e 5f 73 65 6c 65 63 74 6f 72 2e 73 70 6c 69 74 28 22 2c 22 29 2e 6d 61 70 28 66 75 6e 63 74 69 6f Data Ascii: ctiveTarget!==this._targets[o]&&t>=this._offsets[o]&&("undefined"==typeof this._offsets[o+1]||t<this._offsets[o+1])&&this._activate(this._targets[o])}}},t._activate=function(e){this._activeTarget=e,this._clear();var t=this._selector.split(",").map(functio
2022-03-03 07:35:29 UTC 117 IN Data Raw: 72 3d 44 6e 2c 67 2e 66 6e 5b 61 6e 5d 2e 6e 6f 43 6f 6e 66 6c 69 63 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 2e 66 6e 5b 61 6e 5d 3d 68 6e 2c 44 6e 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 7d 3b 76 61 72 20 77 6e 3d 22 62 73 2e 74 61 62 22 2c 41 6e 3d 22 2e 22 2b 77 6e 2c 4e 6e 3d 67 2e 66 6e 2e 74 61 62 2c 4f 6e 3d 7b 48 49 44 45 3a 22 68 69 64 65 22 2b 41 6e 2c 48 49 44 44 45 4e 3a 22 68 69 64 64 65 6e 22 2b 41 6e 2c 53 48 4f 57 3a 22 73 68 6f 77 22 2b 41 6e 2c 53 48 4f 57 4e 3a 22 73 68 6f 77 6e 22 2b 41 6e 2c 43 4c 49 43 4b 5f 44 41 54 41 5f 41 50 49 3a 22 63 6c 69 63 6b 22 2b 41 6e 2b 22 2e 64 61 74 61 2d 61 70 69 22 7d 2c 6b 6e 3d 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 22 2c 50 6e 3d 22 61 63 74 69 76 65 22 2c 4c Data Ascii: r=Dn,g.fn[an].noConflict=function(){return g.fn[an]=hn,Dn._jQueryInterface};var wn="bs.tab",An="."+wn,Nn=g.fn.tab,On={HIDE:"hide"+An,HIDDEN:"hidden"+An,SHOW:"show"+An,SHOWN:"shown"+An,CLICK_DATA_API:"click"+An+".data-api"},kn="dropdown-menu",Pn="active",L
2022-03-03 07:35:29 UTC 119 IN Data Raw: 63 74 69 6f 6e 28 29 7b 67 2e 72 65 6d 6f 76 65 44 61 74 61 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2c 77 6e 29 2c 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 3d 6e 75 6c 6c 7d 2c 74 2e 5f 61 63 74 69 76 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 69 3d 74 68 69 73 2c 6f 3d 28 21 65 7c 7c 22 55 4c 22 21 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 26 26 22 4f 4c 22 21 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 3f 67 28 65 29 2e 63 68 69 6c 64 72 65 6e 28 46 6e 29 3a 67 28 65 29 2e 66 69 6e 64 28 55 6e 29 29 5b 30 5d 2c 72 3d 6e 26 26 6f 26 26 67 28 6f 29 2e 68 61 73 43 6c 61 73 73 28 6a 6e 29 2c 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 69 2e 5f 74 72 61 6e 73 69 74 69 6f 6e 43 6f 6d 70 6c 65 74 65 28 74 2c 6f 2c 6e 29 7d 3b 69 Data Ascii: ction(){g.removeData(this._element,wn),this._element=null},t._activate=function(t,e,n){var i=this,o=(!e||"UL"!==e.nodeName&&"OL"!==e.nodeName?g(e).children(Fn):g(e).find(Un))[0],r=n&&o&&g(o).hasClass(jn),s=function(){return i._transitionComplete(t,o,n)};i
TimestampkBytestransferred
Direction Data
Copyright Joe Security LLC 2022 Page 125 of 135
2022-03-03 07:35:29 UTC 120 IN Data Raw: 6e 66 6c 69 63 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 2e 66 6e 2e 74 61 62 3d 4e 6e 2c 4b 6e 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 7d 3b 76 61 72 20 51 6e 3d 22 74 6f 61 73 74 22 2c 42 6e 3d 22 62 73 2e 74 6f 61 73 74 22 2c 56 6e 3d 22 2e 22 2b 42 6e 2c 59 6e 3d 67 2e 66 6e 5b 51 6e 5d 2c 7a 6e 3d 7b 43 4c 49 43 4b 5f 44 49 53 4d 49 53 53 3a 22 63 6c 69 63 6b 2e 64 69 73 6d 69 73 73 22 2b 56 6e 2c 48 49 44 45 3a 22 68 69 64 65 22 2b 56 6e 2c 48 49 44 44 45 4e 3a 22 68 69 64 64 65 6e 22 2b 56 6e 2c 53 48 4f 57 3a 22 73 68 6f 77 22 2b 56 6e 2c 53 48 4f 57 4e 3a 22 73 68 6f 77 6e 22 2b 56 6e 7d 2c 58 6e 3d 22 66 61 64 65 22 2c 24 6e 3d 22 68 69 64 65 22 2c 47 6e 3d 22 73 68 6f 77 22 2c 4a 6e 3d 22 73 68 6f 77 69 6e 67 22 Data Ascii: nflict=function(){return g.fn.tab=Nn,Kn._jQueryInterface};var Qn="toast",Bn="bs.toast",Vn="."+Bn,Yn=g.fn[Qn],zn={CLICK_DISMISS:"click.dismiss"+Vn,HIDE:"hide"+Vn,HIDDEN:"hidden"+Vn,SHOW:"show"+Vn,SHOWN:"shown"+Vn},Xn="fade",$n="hide",Gn="show",Jn="showing"
2022-03-03 07:35:29 UTC 123 IN Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
TimestampkBytestransferred
Direction Data
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.3 | 49770 | 35.190.80.1 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:29 UTC | 123 | OUT |
    OPTIONS /report/v3?s=Yq6WU2AdDUvlV2EjAwzin1a5Lu84FagaxP%2BE%2FPZ4MzB%2Bcu3DmaDxLLOguR3epzFdACTYk7G2pnFBNY1EtGrBdBmS%2BtZJdt%2F05BM69S1KYE6%2F15ZFeIO1iTU8k3UOjbQsZR6NqUn7 HTTP/1.1
    Host: a.nel.cloudflare.com
    Connection: keep-alive
    Origin: https://cdnjs.cloudflare.com
    Access-Control-Request-Method: POST
    Access-Control-Request-Headers: content-type
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:29 UTC | 139 | IN |
    HTTP/1.1 200 OK
    content-length: 0
    access-control-max-age: 86400
    access-control-allow-methods: POST, OPTIONS
    access-control-allow-origin: *
    access-control-allow-headers: content-length, content-type
    date: Thu, 03 Mar 2022 07:35:29 GMT
    Via: 1.1 google
    Alt-Svc: clear
    Connection: close
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.3 | 49772 | 35.190.80.1 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:29 UTC | 140 | OUT |
    POST /report/v3?s=Yq6WU2AdDUvlV2EjAwzin1a5Lu84FagaxP%2BE%2FPZ4MzB%2Bcu3DmaDxLLOguR3epzFdACTYk7G2pnFBNY1EtGrBdBmS%2BtZJdt%2F05BM69S1KYE6%2F15ZFeIO1iTU8k3UOjbQsZR6NqUn7 HTTP/1.1
    Host: a.nel.cloudflare.com
    Connection: keep-alive
    Content-Length: 507
    Content-Type: application/reports+json
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2022-03-03 07:35:29 UTC | 140 | OUT |
    Data Ascii: [{"age":0,"body":{"elapsed_time":104,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022","sampling_fraction":0.01,"server_ip":"104.16.18.94","status_code":20
2022-03-03 07:35:29 UTC | 157 | IN |
    HTTP/1.1 200 OK
    content-length: 0
    date: Thu, 03 Mar 2022 07:35:29 GMT
    Via: 1.1 google
    Alt-Svc: clear
    Connection: close
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.3 | 49758 | 208.42.248.224 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:29 UTC | 205 | OUT |
    GET /include/fixbootstrap.css?v=63 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:29 UTC | 224 | IN |
    HTTP/1.1 200 OK
    Content-Type: text/css
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Thu, 22 Oct 2020 21:17:33 GMT
    Accept-Ranges: bytes
    ETag: "a0d4bfc1b8a8d61:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:26 GMT
    Connection: close
    Content-Length: 525
2022-03-03 07:35:29 UTC | 225 | IN |
    Data Ascii: a.btn {text-decoration: none;}a.nav-link {text-decoration:none;}.thead-dark a, .thead-dark a:visited {color:White;}.alert{margin-bottom:.5rem;}@media only screen and (max-width:900px) { .modal-dialog { width: 100%; height:
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.3 | 49759 | 208.42.248.224 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
2022-03-03 07:35:29 UTC | 206 | OUT |
    GET /include/mainStyles.css?v=63 HTTP/1.1
    Host: www.officefootballpool.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CFID=101312864; CFTOKEN=6fe3b5c282993839-1316078C-C81F-66EF-055A8D2D73A2097C; JSESSIONID=E9EDA72BD4C9F9D50B9B27692395A2D8.cfusion; MESSAGEMODE=chrono
2022-03-03 07:35:29 UTC | 250 | IN |
    HTTP/1.1 200 OK
    Content-Type: text/css
    Expires: Mon, 17 Feb 2025 00:00:00 GMT
    Last-Modified: Mon, 23 Aug 2021 16:07:06 GMT
    Accept-Ranges: bytes
    ETag: "10e7deb3898d71:0"
    Server: Microsoft-IIS/7.5
    Date: Thu, 03 Mar 2022 07:36:26 GMT
    Connection: close
    Content-Length: 77341
Statistics
Behavior
[Chart legend: WINWORD.EXE, chrome.exe, chrome.exe]
System Behavior
Analysis Process: WINWORD.EXE PID: 3076, Parent PID: 744
General
Target ID: 0
Start time: 08:34:45
Start date: 03/03/2022
Path: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
Imagebase: 0x850000
File size: 1937688 bytes
MD5 hash: 0B9AB9B9C4DE429473D6450D4297A123
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Activities
Registry Activities
Key Created
Key Path | Completion | Count | Source Address | Symbol
HKEY_CURRENT_USER\Software\Microsoft\VBA | success or wait | 1 | 659F8A84 | RegCreateKeyExA
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1 | success or wait | 1 | 659F8A84 | RegCreateKeyExA
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | success or wait | 1 | 659F8A84 | RegCreateKeyExA
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\2F709 | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0 | success or wait | 1 | 659E5805 | unknown
Key Value Created
Key Path | Name | Type | Data | Completion | Count | Source Address | Symbol
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import | Name | unicode | Recover Text from Any File | success or wait | 1 | 659E5805 | unknown
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import | Path | unicode | C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV | success or wait | 1 | 659E5805 | unknown
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import | Extensions | unicode | * | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose | Cambria Math | binary | 02 04 05 03 05 04 06 03 02 04 | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose | Segoe UI | binary | 02 0B 05 02 04 02 04 02 02 03 | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\2F709 | 2F709 | binary | [binary data] | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0 | File Path | unicode | C:\Users\user\AppData\Local\Temp\imgs.htm | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0 | Datetime | unicode | 2022-03-03T08:35 | success or wait | 1 | 659E5805 | unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0 | Position | unicode | 921512637 0 | success or wait | 1 | 659E5805 | unknown
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion CountSourceAddress
Symbol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles dword 1415774224 1415774225 success or wait 1 659E5805 unknown
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles dword 1415774225 1415774226 success or wait 1 659E5805 unknown
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Name unicode Recover Text from Any File
WordPerfect 5.x success or wait 1 659E5805 unknown
Key Value Modified
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Path unicode C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV
C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\WPFT532.CNV
success or wait 1 659E5805 unknown
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Extensions unicode * doc success or wait 1 659E5805 unknown
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Name unicode WordPerfect 5.x WordPerfect 6.x - 7.0 success or wait 1 659E5805 unknown
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Path unicode C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\WPFT532.CNV
C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\WPFT632.CNV
success or wait 1 659E5805 unknown
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Extensions unicode doc wpd doc success or wait 1 659E5805 unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\2F709
2F709 binary
success or wait 1 659E5805 unknown
Analysis Process: chrome.exe PID: 6792, Parent PID: 3088
General
Target ID: 7
Start time: 08:35:20
Start date: 03/03/2022
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://www.officefootballpool.com/pools.cfm?poolid=24147&p=2&pwd=bracket2022
Imagebase: 0x7ff68b0a0000
File size: 2150896 bytes
MD5 hash: C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Activities
Registry Activities
Key Value Modified
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr unicode 0 1 success or wait 1 7FF68B0DFC4B RegSetValueExW
Analysis Process: chrome.exe PID: 3016, Parent PID: 6792
General
Target ID: 8
Start time: 08:35:24
Start date: 03/03/2022
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,3357430085027574762,3772695428950719861,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8
Imagebase: 0x7ff68b0a0000
File size: 2150896 bytes
MD5 hash: C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Activities
Disassembly
No disassembly