Edit tour

Windows Analysis Report
Palworld.exe

Overview

General Information

Sample name:	Palworld.exe
Analysis ID:	1383502
MD5:	a9181a14270ad54407a16516c05817be
SHA1:	9102e64d9101096509414208c228d8d93da8ad6d
SHA256:	0a661adf06c2bef40749e9eba17ffccef0eb0e76321a5a21ec11ca60c34fb0dc
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil

Writes many files with high entropy

Checks for available system drives (often done to infect USB drives)

Connects to many different domains

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

Found evaded block containing many API calls

Found evasive API chain (date check)

Found evasive API chain (may stop execution after checking a module file name)

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file contains strange resources

PE file does not import any functions

PE file overlay found

Sample file is different than original file name gathered from version info

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Tries to load missing DLLs

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64_ra

Palworld.exe (PID: 3284 cmdline: C:\Users\user\Desktop\Palworld.exe MD5: A9181A14270AD54407A16516C05817BE)

chrome.exe (PID: 2364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2116,i,8841958676898613242,11507238833919217486,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 --field-trial-handle=2116,i,8841958676898613242,11507238833919217486,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

dxwebsetup.exe (PID: 3760 cmdline: "C:\Users\user\Downloads\dxwebsetup.exe" MD5: 2CBD6AD183914A0C554F0739069E77D7)

dxwebsetup.exe (PID: 3160 cmdline: "C:\Users\user\Downloads\dxwebsetup.exe" MD5: 2CBD6AD183914A0C554F0739069E77D7)

dxwsetup.exe (PID: 5416 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe MD5: AC3A5F7BE8CD13A863B50AB5FE00B71C)

Palworld.exe (PID: 2688 cmdline: "C:\Users\user\Desktop\Palworld.exe" MD5: A9181A14270AD54407A16516C05817BE)

cleanup

Sigma Signatures

System Summary

Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, CommandLine: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, ParentCommandLine: "C:\Users\user\Downloads\dxwebsetup.exe" , ParentImage: C:\Users\user\Downloads\dxwebsetup.exe, ParentProcessId: 3160, ParentProcessName: dxwebsetup.exe, ProcessCommandLine: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, ProcessId: 5416, ProcessName: dxwsetup.exe

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\", EventID: 13, EventType: SetValue, Image: C:\Users\user\Downloads\dxwebsetup.exe, ProcessId: 3160, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Window detected: Installing Microsoft(R) DirectX(R)Welcome to setup for DirectXThe DirectX setup wizard guides you through installation of DirectX Runtime Components. Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement. You must accept the agreement to continue the setup.MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT DIRECTX END USER RUNTIMEThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any Microsoft* updates* supplements* Internet-based services and * support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1. INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2. SCOPE OF LICENSE. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not* work around any technical limitations in the software;* reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;* make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;* publish the software for others to copy;* rent lease or lend the software;* transfer the software or this agreement to any third party; or* use the software for commercial software hosting services.3. BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4. DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5. EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting.6. SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7. ENTIRE AGREEMENT. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8. APPLICABLE LAW.a. United States. If you acquired the s

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.58:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49961 version: TLS 1.2

Source: Palworld.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: DSETUP.pdb source: dsetup.dll.17.dr
Source:	Binary string: DSETUP.pdb0 source: dsetup.dll.17.dr
Source:	Binary string: wextract.pdb source: dxwebsetup.exe, dxwebsetup.exe, 00000011.00000002.2542730863.0000000001001000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: dsetup32.pdb source: dsetup32.dll.17.dr
Source:	Binary string: BootstrapPackagedGame-Win64-Shipping.pdb source: Palworld.exe
Source:	Binary string: dxwsetup.pdb source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815367597.0000000000171000.00000020.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr
Source:	Binary string: wextract.pdbU source: dxwebsetup.exe, 0000000E.00000000.1809607279.0000000001001000.00000020.00000001.01000000.00000006.sdmp, dxwebsetup.exe, 00000011.00000002.2542730863.0000000001001000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: dxupdate.pdb source: dxwsetup.exe, dxwsetup.exe, 00000012.00000002.2551142071.000000006C681000.00000020.00000001.01000000.0000000B.sdmp

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: e:	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File opened: c:	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\Downloads\dxwebsetup.exe	Code function: 17_2_01001C7F lstrcpy,lstrcpy,lstrcat,lstrcat,FindFirstFileA,lstrcpy,lstrcmp,lstrcmp,lstrcat,lstrcat,FindNextFileA,FindClose,RemoveDirectoryA,	17_2_01001C7F
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68A3EB FindFirstFileA,FindClose,	18_2_6C68A3EB
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68D86D GetWindowsDirectoryA,GetLastError,_strrchr,FindFirstFileA,FindFirstFileA,FindClose,FindClose,FindFirstFileA,FindClose,	18_2_6C68D86D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C691473 WideCharToMultiByte,GetLastError,WideCharToMultiByte,GetLastError,WideCharToMultiByte,_strrchr,WideCharToMultiByte,_strrchr,WideCharToMultiByte,_strrchr,WideCharToMultiByte,_memset,FindFirstFileA,FindClose,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	18_2_6C691473
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68FB07 _memset,_memset,GetWindowsDirectoryA,GetLastError,_memset,FindFirstFileA,lstrcmpA,lstrcmpA,GetFileAttributesA,GetLastError,FindNextFileA,FindClose,	18_2_6C68FB07
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68E7AF lstrcmpA,_memset,GetSystemDirectoryA,GetLastError,StringFromGUID2,WideCharToMultiByte,GetLastError,FindFirstFileA,FindNextFileA,FindClose,	18_2_6C68E7AF

Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\Local\Temp\IXP000.TMP\	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: unknown

Network traffic detected: DNS query count 69

Source: Joe Sandbox View	IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View	IP Address: 13.249.39.8 13.249.39.8
Source: Joe Sandbox View	IP Address: 104.18.25.173 104.18.25.173
Source: Joe Sandbox View	IP Address: 13.107.213.41 13.107.213.41

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 13.67.144.177
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 13.67.144.177
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NvNedGrehGN2W1y&MD=3Z8G6gZk HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.149&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.149Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=di&oit=1&cp=2&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=dire&oit=1&cp=4&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=direc&oit=1&cp=5&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=direct&oit=1&cp=6&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.GsbA68hXs80.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo899t-H8Lxb3OqzMDuPn6TV_i36ag/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=directx&oit=1&cp=7&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /search?q=directx+runtime&oq=directx&gs_lcrp=EgZjaHJvbWUqDQgBEAAYgwEYsQMYgAQyDwgAEEUYORiDARixAxiABDINCAEQABiDARixAxiABDINCAIQABiDARixAxiABDIKCAMQABixAxiABDIKCAQQABixAxiABDIHCAUQABiABDINCAYQABiDARixAxiABDIHCAcQABiABDINCAgQABiDARixAxiABDINCAkQABiDARixAxiABNIBCDQwNjFqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/2x/googlelogo_color_92x30dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=s82NdxBaGSH8HxMBLOcwvQpPzv4y-mUgW_d9F7q5R75kTlIRPMncU7iV21f6MmTKzsbm9O89dDCBLJZZNbykzIqZ9LcgUs96i2BkApgz8PH3PiG1Fhzsjr2PRztNhbt9gnl94FekHS0ArONy3z7WCbcUNDAac--5IhXnjkI59xc
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/search?q=directx+runtime&oq=directx&gs_lcrp=EgZjaHJvbWUqDQgBEAAYgwEYsQMYgAQyDwgAEEUYORiDARixAxiABDINCAEQABiDARixAxiABDINCAIQABiDARixAxiABDIKCAMQABixAxiABDIKCAQQABixAxiABDIHCAUQABiABDINCAYQABiDARixAxiABDIHCAcQABiABDINCAgQABiDARixAxiABDINCAkQABiDARixAxiABNIBCDQwNjFqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=s82NdxBaGSH8HxMBLOcwvQpPzv4y-mUgW_d9F7q5R75kTlIRPMncU7iV21f6MmTKzsbm9O89dDCBLJZZNbykzIqZ9LcgUs96i2BkApgz8PH3PiG1Fhzsjr2PRztNhbt9gnl94FekHS0ArONy3z7WCbcUNDAac--5IhXnjkI59xc
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=1/ed=1/dg=2/br=1/rs=ACT90oEp1_FAvFBtywXdkASv2V22tHKmTQ/ee=AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;hLUtwc:KB8OKd;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow
Source: global traffic	HTTP traffic detected: GET /verify/ANsg4T5QHLvXpo4u06bQ1eEiExZGAYDL-COfDItNG4_cYY8YaN7qmLTCN_DEz-68J9Rsr_JOG2lQzsVa3hABiNicX3XPnK-qGPe1tOZGBNUUFvQmQfsQLw HTTP/1.1Host: id.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=s82NdxBaGSH8HxMBLOcwvQpPzv4y-mUgW_d9F7q5R75kTlIRPMncU7iV21f6MmTKzsbm9O89dDCBLJZZNbykzIqZ9LcgUs96i2BkApgz8PH3PiG1Fhzsjr2PRztNhbt9gnl94FekHS0ArONy3z7WCbcUNDAac--5IhXnjkI59xc
Source: global traffic	HTTP traffic detected: GET /compressiontest/gzip.html HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /vi/m5Xz14RNOEE/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3k77br3KKy0bjWbmhAEHJOrBx75iw HTTP/1.1Host: i.ytimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=2&hl=en&authuser=0&pq=directx%20runtime&psi=Kze5ZY_EKtunqtsPm7mdiAw.1706637100809&dpr=1&ofp=GJrdgLGE5beKmQEYj7nR6tHOn6peGIGjt8XCkruerAEY5MrUtIevsffuARi4qbvXxoPa_io&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq
Source: global traffic	HTTP traffic detected: GET /complete/search?q=directx%20runtime&cp=0&client=desktop-gws-wiz-on-focus-serp&xssi=t&gs_pcrt=3&hl=en&authuser=0&pq=directx%20runtime&psi=Kze5ZY_EKtunqtsPm7mdiAw.1706637100809&dpr=1&ofp=EAEYmt2AsYTlt4qZARiPudHq0c6fql4YgaO3xcKSu56sARjkytS0h6-x9-4BGLipu9fGg9r-KjLkAQoaChhkaXJlY3R4IHJ1bnRpbWUgdmFsb3JhbnQKDAoKZGlyZWN0eCAxMgofCh1kaXJlY3R4IHJ1bnRpbWUgZnJlZSBkb3dubG9hZAolCiNkaXJlY3R4IHJ1bnRpbWUgZG93bmxvYWQgd2luZG93cyAxMAoMCgpkaXJlY3R4IDExChUKE2RpcmVjdHggMTIgZG93bmxvYWQKLAoqZGlyZWN0eCBlbmQtdXNlciBydW50aW1lIG9mZmxpbmUgaW5zdGFsbGVyChsKGWRpcmVjdHggb2ZmbGluZSBpbnN0YWxsZXIQRw HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=1/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=1/exm=SNUn3,attn,cEt90b,cdos,csi,d,dtl0hd,eHDfl,gwc,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/excm=ABxRVc,AD6AIb,B0xr7b,CTwd8,CWOfE,CX5LId,CdOg1,D1J6He,FmnE6b,FuQWyc,GRJ32c,GXyz1,JxE93,KiXlnd,MRb7nf,NmR9jd,NsEUGe,Oa7Qpb,Ok4XMd,PE728b,PoJj8d,PvSBGf,QNvmne,RSlfle,TO0csb,TnXlGd,Trirbc,TurKxc,U3Ovcc,U6nlJe,UQpTU,UiPhkb,Uznx4d,VZLyBe,WxJ6g,XDlt7d,XHo6qe,XTkmZd,XbupY,YuNOCb,ZGLUZ,ZrXR8b,Zudxcb,a3cZoc,adn7N,ak946,bXyZdf,cKV22c,du3Q4e,eTv59e,f26on,fNMhz,hfJ9hb,jJtSzc,jkRPje,kCkfUb,kOSi0d,mL4hG,oXRDzc,pIseB,pMwOEe,pQk1fc,qngJBf,r24bR,rL2AR,sU6eaf,tlA71,tzTB5,vJPFse,vhpQNc,y25qZb,yChgtb,yfH2Bd,yn9Ffd,ypVg7e,yuQBec,zjNhL,zs9f9d/ed=1/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/ee=AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;hLUtwc:KB8OKd;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=ABJeBb,Da4hkd,Eox
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1034&bih=870&dpr=1&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /images/icons/material/system/1x/email_grey600_24dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.GsbA68hXs80.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo899t-H8Lxb3OqzMDuPn6TV_i36ag/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=0/excm=ABxRVc,AD6AIb,B0xr7b,CTwd8,CWOfE,CX5LId,CdOg1,D1J6He,FmnE6b,FuQWyc,GRJ32c,GXyz1,JxE93,KiXlnd,MRb7nf,NmR9jd,NsEUGe,Oa7Qpb,Ok4XMd,PE728b,PoJj8d,PvSBGf,QNvmne,RSlfle,TO0csb,TnXlGd,Trirbc,TurKxc,U3Ovcc,U6nlJe,UQpTU,UiPhkb,Uznx4d,VZLyBe,WxJ6g,XDlt7d,XHo6qe,XTkmZd,XbupY,YuNOCb,ZGLUZ,ZrXR8b,Zudxcb,a3cZoc,adn7N,ak946,bXyZdf,cKV22c,du3Q4e,eTv59e,f26on,fNMhz,hfJ9hb,jJtSzc,jkRPje,kCkfUb,kOSi0d,mL4hG,oXRDzc,pIseB,pMwOEe,pQk1fc,qngJBf,r24bR,rL2AR,sU6eaf,tlA71,tzTB5,vJPFse,vhpQNc,y25qZb,yChgtb,yfH2Bd,yn9Ffd,ypVg7e,yuQBec,zjNhL,zs9f9d/ed=1/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/m=sb_wiz,aa,abd,syr9,syrg,syrh,syrf,syri,sy10x,async,sy1ke,bgd,sy3a2,sy3a3,foot,sy1jz,sy5xh,kyn,sy2z2,lli,mu,sf,sy2kq,sy2kr,sy5yc,sonic,TxCJfd,sy6fl,sy6fm,qzxzOb,IsdWVc,sy1tb,sy2eo,sy1tf,sy2rn,sy6fk,syed,sy1ku,sy6fo,spch,tl,syyu,sync,syrc,syrd,sy1ll,sy1lm,sy1ln,EkevXb,sys9,SZXsif,sy11x,fiAufb,sys5,sy1jk,sy1jj,sy2kz,sy39h,sy3cy,sy3cz,sy3cx,sy3qg,sYEX8b,sy1l7,NEW1Qc,xBbsrc,sy1k1,sy1l9,IX53Tb,sywj,sywk,NO84gd,sy1h9,E9M6Uc,Zilivc,sy1qm,sy1qr,b5lhvb,IoGlCf,syv6,syv7,C8HsP,sywl,sywm,gOTY1,sywq,sywp,syws,sywt,sywv,sywu,syww,sy1sv,sy1sy,sy1ov,sy1o4,sy1nz,sy1ss,sy1st,sy1nf,sy1sq,sy1su,sy1sr,sy1sw,sy1sx,sy1sz,sy1t0,sy1t1,sy1t2,RJ1Nyd,syre,sy28z,C8ffD,sy290,sy292,ZUBru,sy291,sy293,sy294,rTuANe,syz9,sy2qb,yfZcPd,syyv,syyw,Dpem5c,syyr,sy282,sy28u,sy28v,sy28x,sy28w,sy28y,Fy1Pv,sy3ax,ROaKxe,sy3ay,sy3az,pj8IAe,sy3pi,vRe0ve,sy3pg,oWVrne,syz2,sy1a6,sy1a7,sy2aa,sy2a3,sy2a5,sy2rg,sy2a9,sy2rh,sy2ri,sy2rs,sy2v2,sy3b2,sy3pj,sy6fp,ogmBcd,sy2a6,sy3pf,Gg40M,sy477,GU4Gab,syuo,UBXHI,syup,R3fhkb,sy4e8,sy6q7,Q59Rjf,sy46l,T5VV,sy455,aDVF7,sy479,rhYw1b,sy1qf,sy1qj,sy1qk,Hlw0zd,M6QgBb,sy1qp,sy1qy,EO13pd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,NTMZac,nAFL3,oGtAuc,sy86,sy87,q0xTif,y05UD,sy123,sy124,sy125,sy126,sy127,sy12l,sy12m,sy1ge,sy1gf,sy1fd,sy314,sy1d1,sy1cx,sy1rn,sy1cy,sy1dh,sy1di,sy1d5,sy14l,sy1d4,sy1dl,sy1dk,sy1dm,sy1dn,syep,sy182,sy189,sy2np,sy2nq,sy2nr,sy1ds,sy2nz,syjt,sy3cr,sy3cs,sy6gm,sy18f,sy1cs,sy1ct,sy1cv,sy1d2,sy2ny,sy2o6,sy6gn,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDhAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=9103415834496958732&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDRAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=3258071689962503910&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDBAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=7017065288382140415&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /async/bgasy?ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cs=0&async=_fmt:jspb HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=0/excm=ABxRVc,AD6AIb,B0xr7b,CTwd8,CWOfE,CX5LId,CdOg1,D1J6He,FmnE6b,FuQWyc,GRJ32c,GXyz1,JxE93,KiXlnd,MRb7nf,NmR9jd,NsEUGe,Oa7Qpb,Ok4XMd,PE728b,PoJj8d,PvSBGf,QNvmne,RSlfle,TO0csb,TnXlGd,Trirbc,TurKxc,U3Ovcc,U6nlJe,UQpTU,UiPhkb,Uznx4d,VZLyBe,WxJ6g,XDlt7d,XHo6qe,XTkmZd,XbupY,YuNOCb,ZGLUZ,ZrXR8b,Zudxcb,a3cZoc,adn7N,ak946,bXyZdf,cKV22c,du3Q4e,eTv59e,f26on,fNMhz,hfJ9hb,jJtSzc,jkRPje,kCkfUb,kOSi0d,mL4hG,oXRDzc,pIseB,pMwOEe,pQk1fc,qngJBf,r24bR,rL2AR,sU6eaf,tlA71,tzTB5,vJPFse,vhpQNc,y25qZb,yChgtb,yfH2Bd,yn9Ffd,ypVg7e,yuQBec,zjNhL,zs9f9d/ed=1/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/m=uKlGbf,sy1wl,sy3ap,DpX64d,sy3aq,EufiNb,sytm,P10Owf,synl,synv,gSZvdb,sy57c,vTw9Fc,sy1th,sy5de,SC7lYd,eTVOC,Pq506,kpAr,AjRVIe,tE6Rzd,phecbc,q28gvc,g0Ekse,jtFQAf,rKbWof,bIMMof,ARtdse,sy1wv,sy1ww,p2I2Je,z2eFcc,QzraZb,I9JIjc,nzu4Ud,gGYzg,FjjTod,tDA9G,UX8qee,tW711b,R6UkWb,xMHx5e,TnJGKb,SnmExf,synh,syr4,syhf,syih,sywz,syyf,syyg,Mbif2,syi3,syiy,sykd,syke,syk5,sykf,sykg,sysd,syhm,syhq,syi7,syiv,sy1al,syii,sy1am,sy1h7,sy1cg,sy1hb,sy1jd,sy1jc,sy1jq,sy1jr,sy1k0,sy1ms,sy1pd,sy1ou,sy1om,sy1p8,sy1p1,sy1p9,sy1pa,sy1pe,sy1pf,sy1ox,sy1pb,sy1px,sy1pw,sy1t3,sy1t4,sy1t5,sy1t9,sy1t8,sy1t6,sy1tr,sy1wo,sy1wx,syhc,sy1x2,sy1z1,syht,sy1z5,sy1wy,sy1x0,sy1x1,sy1x3,sy1x6,sy1x5,sy1wz,sy1x7,sy1x8,sy1x9,sy1xa,syi0,syim,sy1xe,sy1xf,sy1xg,syjw,syhs,syju,syjx,syrx,sy1xb,sy1xd,sy1xc,syh5,syh6,syi5,syi9,syis,syjn,syjo,syjq,syjs,sy1xj,sy1xk,sy1xi,sy1xl,sy1xm,syk4,sykq,sykr,syks,sykt,syku,sykv,sykw,sykx,syky,sykz,syl0,syl1,syl2,syl3,syl4,syl5,syl6,syl7,syl8,syl9,syla,sylb,sylc,syld,syle,sylf,sylg,sylh,sygq,syli,sylj,sylk,syll,sylm,syln,sy1xp,sy1xo,sy1xn,sy1xq,sy1xr,syk1,sy1xt,syk2,syk6,syk8,syka,sy1xu,sy1xv,sy1xw,syi4,sym9,syma,sy1xx,sy1bu,sy1wq,sy1xz,sy1y0,sy1y1,sy1y2,sy1y3,syho,syy5,syy2,syy6,syhk,syy7,syxh,syy8,syy9,sy1y6,sy1y7,sym7,sy1y5,sy1y8,sy1y9,sy1y4,sy1xy,sy1ya,sy1ea,sy1yi,syhd,syi8,syiu,syxz,syy0,syiw,sylz,symn,syy1,syy3,syz8,sy1e4,sy1e5,sy1eb,sy1ed,sy1ee,sy1xh,sy1yf,sy1yh,sy1yj,sy1ym,sy1yl,sy1yn,sy1yo,sy1yk,sy1yp,sy1yq,sy1yr,sy1ys,syjf,syjh,syjb,syjj,syjm,syr1,syr3,sy1yt,sy1yu,sykj,sykk,sykh,syki,syng,sy1yw,sy1yv,sy1yx,sykm,sykn,sykp,syso,sy1yz,sy1yy,sy1z0,sy1z2,sy1z3,sy1z4,sy1z6,sy1bp,sy1bq,syh8,syhu,sy1br,sy1bs,sy1bt,sy1w5,sy1w4,sy1w7,sy1x4,syxl,syxm,syxn,syxo,syxp,syxq,syxs,syxt,syxu,syxv,syxw,syxx,sy1yb,syj1,syxk,sy1yc,sy1yd,sy1ye,sy1z8,sy1z9,sy1z7,symb,sy1xs,sy1yg,sy1zb,sy1zc,sy1za,sy1zd,sy1ze,sy1zf,sy1zg,sy1zh,sy1zi,sy1zk,sy1zj,sy1zl,sy1ow,sy1p5,sy1zm,sy1zn,syij,sy1zo,sy1zp,syj6,sy1zq,sy1zr,sy1zs,syxy,sy1zt,sy1zu,exgaYe,sy1k3,sy3ph,bpec7b,sy1j8,sy20o,rhe7Pb,synf,synj,synk,DPreE,sy4u1,sy6vg,FH3rkc,sy3b0,sy3b1,qcH9Lc,sy2pr,sy3b3,YFicMc?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Goog
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDhAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=9103415834496958732&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDRAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=3258071689962503910&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDBAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=7017065288382140415&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=0/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/m=sy3av,sy3qf,w4UyN,sy1j6,QKZgZd,sy1jf,sy1jg,Qj0suc,JXS8fb,sy1je,sy1ji,sy1jl,sy1jm,sy1jn,sy1jo,sy1jp,sy1js,Wct42,sysh,LiBxPe,sy46v,sy6kg,J9Q59e,sy46w,a6Sgfb?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=0/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/m=WlNQGd,sy1le,sy1lf,nabPbb,sysv,sysw,sysz,syt0,syt2,syt3,sy3ps,sy6fi,VD4Qme,syew,BYwJlf,syqz,syr0,syr2,VEbNoe,sy297,sy299,sy29a,sy29b,NVlnE,sy298,Dq2Yjb,sy28r,sy28s,qmdEUe,sy29c,sy29d,UqGwg,sy4my,ND0kmf,sy1ja,sy1jb,uLYJpc,sy1j7,n7qy6d,sy1j9,HPGtmd,pjDTFb,sy279,sy27a,sy27b,KgxeNb,sy27d,khkNpe,sy3au,EfPGub?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDhAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=9103415834496958732&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDRAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=3258071689962503910&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDBAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=7017065288382140415&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /iframe_api?version=3 HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=0/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/m=kMFpHd,sy8j,bm51tf?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /s/player/6ee8f9ce/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=MmYKqDmYcs4; VISITOR_INFO1_LIVE=oCH7UytiVXo
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=0/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/m=syez,syf0,aLUfP?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=0/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/m=sy11b,sy11c,dt4g2b?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; GZ=Z=0; DV=U668bcM7gEwXUJHHJ0xN1v-ETPi31Rg; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1 HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/search?q=directx+runtime&oq=directx&gs_lcrp=EgZjaHJvbWUqDQgBEAAYgwEYsQMYgAQyDwgAEEUYORiDARixAxiABDINCAEQABiDARixAxiABDINCAIQABiDARixAxiABDIKCAMQABixAxiABDIKCAQQABixAxiABDIHCAUQABiABDINCAYQABiDARixAxiABDIHCAcQABiABDINCAgQABiDARixAxiABDINCAkQABiDARixAxiABNIBCDQwNjFqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=MmYKqDmYcs4; VISITOR_INFO1_LIVE=oCH7UytiVXo
Source: global traffic	HTTP traffic detected: GET /s/player/6ee8f9ce/www-player.css HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=MmYKqDmYcs4; VISITOR_INFO1_LIVE=oCH7UytiVXo
Source: global traffic	HTTP traffic detected: GET /s/player/6ee8f9ce/player_ias.vflset/en_US/embed.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=MmYKqDmYcs4; VISITOR_INFO1_LIVE=oCH7UytiVXo
Source: global traffic	HTTP traffic detected: GET /s/player/6ee8f9ce/www-embed-player.vflset/www-embed-player.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=MmYKqDmYcs4; VISITOR_INFO1_LIVE=oCH7UytiVXo
Source: global traffic	HTTP traffic detected: GET /s/player/6ee8f9ce/player_ias.vflset/en_US/base.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=MmYKqDmYcs4; VISITOR_INFO1_LIVE=oCH7UytiVXo
Source: global traffic	HTTP traffic detected: GET /s/player/6ee8f9ce/player_ias.vflset/en_US/remote.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=MmYKqDmYcs4; VISITOR_INFO1_LIVE=oCH7UytiVXo
Source: global traffic	HTTP traffic detected: GET /pagead/id HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /instream/ad_status.js HTTP/1.1Host: static.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=MSDLC&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=805a442ee6889251004cff56e5e99d89&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22afdxtest.z01.azurefd.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:638,%22T%22:1},{%22RequestID%22:%22afdxtest.z01.azurefd.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:152,%22T%22:1},{%22RequestID%22:%22fp.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:-1,%22T%22:1},{%22RequestID%22:%22ed3269487071b07864828ad1169325d0%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:-1,%22T%22:128}] HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.23347.2/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js HTTP/1.1Host: cdnssl.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.23347.2/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptc/05d32363-d534-4d93-9b65-cde674775e71.js HTTP/1.1Host: cdnssl.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /A1133099-331c-4cdf-89b0-06dc20e168021.js HTTP/1.1Host: d.impactradius-event.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl_MhktgtiMAnSkSgiYU2_TkQ2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=EA76ADE95776D2EC7F000101%40AdobeOrg&d_nsid=0&ts=1706637121162 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pcc/05d32363-d534-4d93-9b65-cde674775e71.js?DeploymentConfigName=Release_20230511&Version=2 HTTP/1.1Host: cdnssl.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www/bridge-WR110.js HTTP/1.1Host: cdnssl.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr?id=1770559986549030&ev=PixelInitialized&dpo=LDU&dpoco=0&dpost=0&ts=1706637121398 HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr?id=undefined&ev=PixelInitialized&dpo=LDU&dpoco=0&dpost=0&ts=1706637121398 HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr?id=1770559986549030&ev=PageView&dpo=LDU&dpoco=0&dpost=0&ts=1706637121398 HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr?id=undefined&ev=PageView&dpo=LDU&dpoco=0&dpost=0&ts=1706637121398 HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /me/mecache?partner=msdlc&wreply=https%3A%2F%2Fwww.microsoft.com HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/viewthroughconversion/923371515/?guid=ON&script=0&url=www.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx&data=ecomm_pagetype%3Dother HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ats/ats?cmd=RT&AdvertiserID=4249&platform=TUMRI&ActionID=20114&ActionName=Microsoft_Store_RT_Pixel&ut1=&ut2=en&ut3=us&cachebuster=223825862 HTTP/1.1Host: ats.everesttech.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dest5.html?d_nsid=0 HTTP/1.1Host: mscom.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=EA76ADE95776D2EC7F000101%40AdobeOrg&mid=34589668024764103034595590011699581199&ts=1706637121821 HTTP/1.1Host: msftenterprise.sc.omtrdc.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pageview?ex=&pvt=n&la=en-US&uc=0&url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D35&dr=https%3A%2F%2Fwww.google.com%2F&dw=1017&dh=2538&ww=1034&wh=870&sw=1280&sh=1024&uu=96af738c-fdc5-a6c5-a3b5-bf24ef9c45a4&sn=1&hd=1706637121&v=13.83.0&pid=2422&pn=1&r=171300 HTTP/1.1Host: c.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pageEvent?value=H4sIAAAAAAAAAwsIcVZwD%2FV0UahRMDBNMTYyNjPWTTE1NtE1SbE01rVMMjPVTU5JNTM3MTc3TTU3BAC5OujJLwAAAA%3D%3D&ct=2&isETR=false&isCustomHashId=false&v=13.83.0&pid=2422&pn=1&sn=1&uu=96af738c-fdc5-a6c5-a3b5-bf24ef9c45a4&r=393565 HTTP/1.1Host: c.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pageEvent?value=H4sIAAAAAAAAA3POz0vLTLdSCErNSU0sTo03MjAyNjA1NAQA5ZGESRgAAAA%3D&ct=2&isETR=false&isCustomHashId=false&v=13.83.0&pid=2422&pn=1&sn=1&uu=96af738c-fdc5-a6c5-a3b5-bf24ef9c45a4&r=024492 HTTP/1.1Host: c.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dvar?v=13.83.0&pid=2422&pn=1&sn=1&uu=96af738c-fdc5-a6c5-a3b5-bf24ef9c45a4&dv=H4sIAAAAAAAAA6tWCghxjncvzUxRslIyME0xNjI2M9ZNMTU20TVJsTTWtUwyM9VNTkk1MzcxNzdNNTdUqgUAotlAIzMAAAA%3D&ct=2&r=246796 HTTP/1.1Host: c.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/1p-user-list/923371515/?guid=ON&script=0&url=www.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx&data=ecomm_pagetype%3Dother&is_vtc=1&cid=CAQSGwAvHhf_Vd2Mkqic_BIKrDlFV8Om8wwf6G-ZhQ&random=3815492425 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-01-30-17; NID=511=FFnG6Cruye5Kyg5RqYGJ2WnltgKVzilQohEElWvHlsKwKeqpmikRbwhs-SpYWi79yUNWJRtOrFwRCPLJzSUQvg3BccW7HepEoxBmNAqYIoFq5MgG2ccXtEgsL3nCf4Pw4xkQsxyVf1aUP9zmu7ZUkGD1cQm1ExYbk_aI4Z_B-Gpzd8AAerdrpqvC5prqx5be7R4-GSWEYI1Fkv4
Source: global traffic	HTTP traffic detected: GET /pageEvent?value=H4sIAAAAAAAAA8vPy8lPTFGoUXDOz0vLTC8tSlWozC8tUgguLUpLTE4FSpgoFJekFhQDAPRW154pAAAA&ct=2&isETR=false&isCustomHashId=false&v=13.83.0&pid=2422&pn=1&sn=1&uu=96af738c-fdc5-a6c5-a3b5-bf24ef9c45a4&r=113321 HTTP/1.1Host: c.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=411&dpuuid=Zbk3QwAAAGzR0xva HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553
Source: global traffic	HTTP traffic detected: GET /365868.gif?partner_uid=35050774984483340004567475019318048768 HTTP/1.1Host: idsync.rlcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tag/uet/4000034?insights=1 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/?return=&cid=7593&tpsync=no&auth= HTTP/1.1Host: www.ojrq.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MzUwNTA3NzQ5ODQ0ODMzNDAwMDQ1Njc0NzUwMTkzMTgwNDg3Njg= HTTP/1.1Host: cm.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /1000.gif?memo=CKyqFhIxCi0IARCYEhomMzUwNTA3NzQ5ODQ0ODMzNDAwMDQ1Njc0NzUwMTkzMTgwNDg3NjgQABoNCMPu5K0GEgUI6AcQAEIASgA HTTP/1.1Host: idsync.rlcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rlas3=eKwtq0lZ/flxovLVeYToWVTIh2jBHaOMvP3BGDUDkRw=; pxrc=CAA=
Source: global traffic	HTTP traffic detected: GET /s/0.7.20/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XANDR_PANID=0U84jn1ew9ikPVt7_w3fV-ISfsCe9Ihc9la-kJur8ncyUhWxqD3Sx06SfQjg93aWzvvzpuruaMR21JdAcdeLWKJ8KsCpVkZhV1B8KCKoSgQ.; receive-cookie-deprecation=1; uuid2=535537844608889607
Source: global traffic	HTTP traffic detected: GET /dvar?v=13.83.0&pid=2422&pn=1&sn=1&uu=96af738c-fdc5-a6c5-a3b5-bf24ef9c45a4&dv=H4sIAAAAAAAAA1WQ0UvDMBDG%2F5WjL9swZe1cRX07y6YWlNKu%2BDDGSNtDAmkiSYoM9X83qYPhS758Iff77u4rwocj7o7pTXaXQgy4RCDFWynUO%2FCuGw13BH0QoRWQdWL4u442fJk9St1y6SvfqPVnaXQ%2FA%2Bx1S4CKy5MTnQVDH9o4sKNwFN1HnE9xLo3YOX61zta3vnyPDYMcGRQlg6Y%2B%2BKfmaQvf8OxosCAU5NyDKhqE6slAzSVd3OY1bmoWJCC21STeBWiBcVF6UJYsswTmlR5VD6uF72bK3l16Sa%2BzJAmrkJ%2F8ZGM%2FaliKl33ttKHzkHAF%2F%2BwcNy%2BLg8chxhMhj35%2BAYjXMCZdAQAA&ct=2&r=474970 HTTP/1.1Host: c.clicktale.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=771&dpuuid=CAESENggFu3tzOCGc387ChgMM6w&google_cver=1?gdpr=0&gdpr_consent= HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887; dpm=35050774984483340004567475019318048768
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=477&dpuuid=a32adb534ed7b015ab5f979962884ce67525e2a0283d43d778da44e182749c01b0da87c991749652 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887; dpm=35050774984483340004567475019318048768
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=358&dpuuid=535537844608889607 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887; dpm=35050774984483340004567475019318048768
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NvNedGrehGN2W1y&MD=3Z8G6gZk HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=782&dpuuid=Zbk3QwAAAGzR0xva HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884
Source: global traffic	HTTP traffic detected: GET /i/adsct?p_user_id=35050774984483340004567475019318048768&p_id=38594 HTTP/1.1Host: analytics.twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=www.microsoft.com&ttd_tpi=1 HTTP/1.1Host: match.adsrvr.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP/1.1Host: cms.quantserve.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=1957&dpuuid=235DAA179B1F6089140CBE019A496167 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=3047&dpuuid=5873EF962A9843&gdpr=0&gdpr_consent= HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890\|3047-1-1706637129886
Source: global traffic	HTTP traffic detected: GET /i.match?p=b13&u=35050774984483340004567475019318048768&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP/1.1Host: a.tribalfusion.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /z/i.match?p=b13&u=35050774984483340004567475019318048768&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP/1.1Host: s.tribalfusion.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ANON_ID=atnoeUriItxP3PTTfUSuwbKqJ63rewTSSb34AXlw
Source: global traffic	HTTP traffic detected: GET /cms?partner_id=ADOBE&_hosted_id=35050774984483340004567475019318048768&gdpr=0&gdpr_consent= HTTP/1.1Host: cms.analytics.yahoo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=22054 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890\|3047-1-1706637129886\|22054-1-1706637130883\|30646-1-1706637131888
Source: global traffic	HTTP traffic detected: GET /ups/58782/cms?partner_id=ADOBE&_hosted_id=35050774984483340004567475019318048768&gdpr=0&gdpr_consent= HTTP/1.1Host: ups.analytics.yahoo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: A3=d=AQABBE03uWUCEFWu7doihFyFzYzJN-r2wxsFEgEBAQGIumXDZfGAziMA_eMAAA&S=AQAAAuVSLiP59Sh0eVinCS4hPZc
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=30646?dpuuid=y-GUgwg.xE2pFMcbpyXNvyw.wczz.DSnmIwWo-~A HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890\|3047-1-1706637129886\|22054-1-1706637130883\|30646-1-1706637131888\|53196-1-1706637132888
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=57282&dpuuid=0C29F8072DAC5CAE99535F32A7D13BAE HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890\|3047-1-1706637129886\|22054-1-1706637130883\|30646-1-1706637131888\|53196-1-1706637132888\|38117-1-1706637133877\|57282-1-1706637134881
Source: global traffic	HTTP traffic detected: GET /dmp/adobe/user?dd_uuid=35050774984483340004567475019318048768 HTTP/1.1Host: bttrack.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP/1.1Host: dmpsync.3lift.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dv/sync?tid=6 HTTP/1.1Host: ag.innovid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP/1.1Host: dmpsync.3lift.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tluid=3226875877078116803796
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=80742&dpuuid=99c5e057-9d5a-425b-9d30-6752d1836cd6 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890\|3047-1-1706637129886\|22054-1-1706637130883\|30646-1-1706637131888\|53196-1-1706637132888\|38117-1-1706637133877\|57282-1-1706637134881\|49276-1-1706637135885\|72352-1-1706637136874\|80742-1-1706637137880
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=72352&dpuuid=3226875877078116803796&gdpr=0&gdpr_consent= HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890\|3047-1-1706637129886\|22054-1-1706637130883\|30646-1-1706637131888\|53196-1-1706637132888\|38117-1-1706637133877\|57282-1-1706637134881\|49276-1-1706637135885\|72352-1-1706637136874\|80742-1-1706637137880\|81309-1-1706637138883
Source: global traffic	HTTP traffic detected: GET /CookieSyncAdobe HTTP/1.1Host: rtb.adentifi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=35050774984483340004567475019318048768?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP/1.1Host: sync.crwdcntrl.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=35050774984483340004567475019318048768?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP/1.1Host: sync.crwdcntrl.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _cc_cc=ctst
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=121998&dpuuid=d2e823aefb96712d90244489d20af824 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890\|3047-1-1706637129886\|22054-1-1706637130883\|30646-1-1706637131888\|53196-1-1706637132888\|38117-1-1706637133877\|57282-1-1706637134881\|49276-1-1706637135885\|72352-1-1706637136874\|80742-1-1706637137880\|81309-1-1706637138883\|121998-1-1706637139875\|144228-1-1706637140884
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=782&dpuuid=Zbk3QwAAAGzR0xva HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890\|3047-1-1706637129886\|22054-1-1706637130883\|30646-1-1706637131888\|53196-1-1706637132888\|38117-1-1706637133877\|57282-1-1706637134881\|49276-1-1706637135885\|72352-1-1706637136874\|80742-1-1706637137880\|81309-1-1706637138883\|121998-1-1706637139875\|144228-1-1706637140884
Source: global traffic	HTTP traffic detected: GET /pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WmJrM1F3QUFBR3pSMHh2YQ== HTTP/1.1Host: cm.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUmjUykVjVbva7WYqm-tzFHCJeOSmPnq-o0aH-0LuwZxXO2DvAErgDo1GJB_uNc
Source: global traffic	HTTP traffic detected: GET /rum?cm_dsp_id=88&external_user_id=Zbk3QwAAAGzR0xva HTTP/1.1Host: dsum-sec.casalemedia.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rum?cm_dsp_id=88&external_user_id=Zbk3QwAAAGzR0xva&C=1 HTTP/1.1Host: dsum-sec.casalemedia.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CMID=Zbk3WqdpVPwfFuWW3lkEqAAA; CMPS=084; CMPRO=084
Source: global traffic	HTTP traffic detected: GET /setuid?entity=158&code=Zbk3QwAAAGzR0xva HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XANDR_PANID=0U84jn1ew9ikPVt7_w3fV-ISfsCe9Ihc9la-kJur8ncyUhWxqD3Sx06SfQjg93aWzvvzpuruaMR21JdAcdeLWKJ8KsCpVkZhV1B8KCKoSgQ.; receive-cookie-deprecation=1; uuid2=535537844608889607
Source: global traffic	HTTP traffic detected: GET /w/1.0/sd?id=537148856&val=Zbk3QwAAAGzR0xva HTTP/1.1Host: us-u.openx.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Zbk3QwAAAGzR0xva HTTP/1.1Host: image2.pubmatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fr/b.php?p=1531105787105294&e=Zbk3QwAAAGzR0xva&t=2592000&o=0 HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sg/adobe/1/cm?gdpr=0&gdpr_consent= HTTP/1.1Host: trc.taboola.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync?nid=adobe HTTP/1.1Host: sync.srv.stackadapt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=390122&dpuuid=4QGHe0AkU19ZmYu7n2WfX1G1OUo HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mscom.demdex.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=35050774984483340004567475019318048768; dpm=35050774984483340004567475019318048768; dextp=358-1-1706637122441\|477-1-1706637122553\|771-1-1706637122887\|782-1-1706637123887\|992-1-1706637124884\|1123-1-1706637125884\|903-1-1706637126875\|1175-1-1706637127881\|1957-1-1706637128890\|3047-1-1706637129886\|22054-1-1706637130883\|30646-1-1706637131888\|53196-1-1706637132888\|38117-1-1706637133877\|57282-1-1706637134881\|49276-1-1706637135885\|72352-1-1706637136874\|80742-1-1706637137880\|81309-1-1706637138883\|121998-1-1706637139875\|144228-1-1706637140884\|144229-1-1706637141887\|144230-1-1706637142878\|144231-1-1706637143886\|144232-1-1706637144888\|144233-1-1706637145886\|144234-1-1706637146889\|144235-1-1706637147875\|144236-1-1706637148881\|144237-1-1706637149884\|147592-1-1706637150876\|390122-1-1706637151882

Source: chromecache_474.11.dr	String found in binary or memory: "sameAs":["https://www.facebook.com/Microsoft","https://twitter.com/microsoft"] equals www.facebook.com (Facebook)
Source: chromecache_474.11.dr	String found in binary or memory: "sameAs":["https://www.facebook.com/Microsoft","https://twitter.com/microsoft"] equals www.twitter.com (Twitter)
Source: chromecache_474.11.dr	String found in binary or memory: <a class="d-inline-block " href="https://www.facebook.com/Microsoft" target="_blank" aria-label="Follow Microsoft on Facebook opens in new tab" data-bi-ecn="Facebook" data-bi-bhvr="126" data-bi-cn="Facebook" data-bi-socchn="Facebook" data-bi-ct="Social Button" data-bi-pa="body" data-bi-compnm="Social Follow - horizontal"> equals www.facebook.com (Facebook)
Source: chromecache_401.11.dr	String found in binary or memory: (g.Bp(c,"redirector.googlevideo.com"),d=c.toString()):c.j.match("rr?[1-9].*\\.c\\.youtube\\.com$")?(g.Bp(c,"www.youtube.com"),d=c.toString()):(c=nAa(d),qK(c)&&(d=c));c=new g.gQ(d);c.set("cmo=pf","1");e&&c.set("cmo=td","a1.googlevideo.com");return c}; equals www.youtube.com (Youtube)
Source: chromecache_406.11.dr	String found in binary or memory: ...</span></div></div><div class="kb0PBd cvP2Ce" data-sncf="2" data-snf="mCCBcf"><div class="fG8Fp uo4vr"></div></div></div></div></div></div><div class="ULSxyf"><div class="MjjYud"><div><div jsname="pKB8Bc" class="g PmEWq" data-hveid="CF4QAA"><div><div><div jscontroller="rTuANe" data-ar="1.7778" data-cid="478144fd" data-eiv="1" data-esrvl="1" data-preloadapi="1" data-surl="https://www.youtube.com/watch?v=m5Xz14RNOEE" data-tpvid="" data-vid="m5Xz14RNOEE" data-vurl="" jsaction="h5M12e;rcuQ6b:npT2md;"><div><div class="xe8e1b"><div class="nhaZ2c"><div><span jscontroller="msmzHf" jsaction="rcuQ6b:npT2md;PYDNKe:bLV6Bd;mLt3mc"><a jsname="UWckNb" href="https://www.youtube.com/watch?v=m5Xz14RNOEE" data-ved="2ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQtwJ6BAheEAI" ping="/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.youtube.com/watch%3Fv%3Dm5Xz14RNOEE&ved=2ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQtwJ6BAheEAI"><br><h3 class="LC20lb MBeuO DKV0Md">The Following Components Are Required To Run ... - YouTube</h3><div class="notranslate TbwUpd NJjxre iUh30 ojE3Fb"><span class="H9lube"><div class="eqA2re NjwKYd Vwoesf" aria-hidden="true"><img class="XNo5Ab" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAdElEQVR4AWP4//8/RZh6BgCZAkDsAMUNWDFCXgDFACCVAGKSiBPABgCRAYgiExuADAigwIAEkAENOBU8ePD/v4MDPgMa8BoABxs2/P+voECBAQcOkGwAwgsBAXi9gD8QBQQIBiLF0UhRQsKXlAuITcoDnxsBPl4957WudCUAAAAASUVORK5CYII=" style="height:18px;width:18px" alt=""></div></span><div class="GTRloc"><span class="VuuXrf">YouTube  equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: a))):this.Zd(g.tW(a.errorMessage)):this.Zd(vW(this,"HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK_SHORT","//www.youtube.com/supported_browsers")):(a=d.hostLanguage,c="//support.google.com/youtube/?p=player_error1",a&&(c=g.$m(c,{hl:a})),this.Zd(vW(this,"GENERIC_WITH_LINK_AND_CPN",c,!0)),d.Nc&&!d.D&&sXa(this,function(e){if(g.fV(e,b.api,!DS(b.api.U()))){e={as3:!1,html5:!0,player:!0,cpn:b.api.getVideoData().clientPlaybackNonce};var f=b.api;f.xc("onFeedbackArticleRequest",{articleId:3037019,helpContext:"player_error", equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: a.hl);this.region=b?b.contentRegion\|\|"US":QC("US",a.cr);this.hostLanguage=b?b.hostLanguage\|\|"en":QC("en",a.host_language);this.Ho=!this.kd&&Math.random()<g.OJ(this.experiments,"web_player_api_logging_fraction");this.Za=!this.kd;this.enabledEngageTypes=new Set;this.deviceIsAudioOnly=!(null==b\|\|!b.deviceIsAudioOnly);this.Rd=PC(this.Rd,a.ismb);this.Oo?(r=a.vss_host\|\|"s.youtube.com","s.youtube.com"===r&&(r=nQa(this.Ga)\|\|"www.youtube.com")):r="video.google.com";this.Qm=r;oQa(this,a,!0);this.Na=new ZR; equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: a.severity,e,$K(a.details),f)}else this.qa.oa("nonfatalerror",a),d=/^pp/.test(this.videoData.clientPlaybackNonce),this.oe(a.errorCode,a.details),d&&"manifest.net.connect"===a.errorCode&&(a="https://www.youtube.com/generate_204?cpn="+this.videoData.clientPlaybackNonce+"&t="+(0,g.SD)(),NU(a,"manifest",function(h){b.G=!0;b.va("pathprobe",h)},function(h){b.oe(h.errorCode,h.details)}))}}; equals www.youtube.com (Youtube)
Source: chromecache_455.11.dr	String found in binary or memory: function Pr(a,b,c){this.o=this.g=this.h=null;this.i=0;this.G=!1;this.u=[];this.l=null;this.O={};if(!a)throw Error("YouTube player element ID required.");this.id=Qa(this);this.K=c;c=document;if(a="string"===typeof a?c.getElementById(a):a)if(c="iframe"===a.tagName.toLowerCase(),b.host\|\|(b.host=c?ac(a.src):"https://www.youtube.com"),this.h=new Jr(b),c\|\|(b=Qr(this,a),this.o=a,(c=a.parentNode)&&c.replaceChild(b,a),a=b),this.g=a,this.g.id\|\|(this.g.id="widget"+Qa(this.g)),Dr[this.g.id]=this,window.postMessage){this.l= equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: g.BS=function(a){a=nQa(a.Ga);return"www.youtube-nocookie.com"===a?"www.youtube.com":a}; equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: g.MS=function(a){var b=g.BS(a);zQa.includes(b)&&(b="www.youtube.com");return a.protocol+"://"+b}; equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: g.Ua("Goog_AdSense_Lidar_getUrlSignalsList",jhb);var Xza=na(["//tpc.googlesyndication.com/sodar/",""]);var wLa={C3a:0,z3a:1,w3a:2,x3a:3,y3a:4,B3a:5,A3a:6};var zoa=(new Date).getTime();var Mka="://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav".split(" "),Nka=/\bocr\b/;var Pka=/(?:\[\|%5B)([a-zA-Z0-9_]+)(?:\]\|%5D)/g;g.w(Ou,g.Md);Ou.prototype.dispose=function(){window.removeEventListener("offline",this.C);window.removeEventListener("online",this.C);this.Gn.Oj(this.G);delete Ou.instance}; equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: g.k.getVideoUrl=function(a,b,c,d,e,f){b={list:b};c&&(e?b.time_continue=c:b.t=c);c=g.BS(this);e="www.youtube.com"===c;!f&&d&&e?f="https://youtu.be/"+a:g.wS(this)?(f="https://"+c+"/fire",b.v=a):(f&&e?(f=this.protocol+"://"+c+"/shorts/"+a,d&&(b.feature="share")):(f=this.protocol+"://"+c+"/watch",b.v=a),gE&&(a=koa())&&(b.ebc=a));return g.$m(f,b)}; equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: iPa=function(a,b){if(!a.j["0"]){var c=new nL("0","fakesb",{video:new kL(0,0,0,void 0,void 0,"auto")});a.j["0"]=b?new lR(new g.gQ("http://www.youtube.com/videoplayback"),c,"fake"):new wR(new g.gQ("http://www.youtube.com/videoplayback"),c,new VQ(0,0),new VQ(0,0))}}; equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: this.X.Ba&&(a.authuser=this.X.Ba);this.X.pageId&&(a.pageid=this.X.pageId);isNaN(this.cryptoPeriodIndex)\|\|(a.cpi=this.cryptoPeriodIndex.toString());var e=(e=/_(TV\|STB\|GAME\|OTT\|ATV\|BDP)_/.exec(g.oc()))?e[1]:"";"ATV"===e&&(a.cdt=e);this.G=a;this.G.session_id=d;this.ma=!0;"widevine"===this.B.flavor&&(this.G.hdr="1");"playready"===this.B.flavor&&(b=Number(WR(b.experiments,"playready_first_play_expiration")),!isNaN(b)&&0<=b&&(this.G.mfpe=""+b),this.ma=!1);b="";g.PR(this.B)?OR(this.B)?(d=c.B)&&(b="https://www.youtube.com/api/drm/fps?ek="+ equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: this.protocol+"://www.youtube.com/";h=b?b.eventLabel:a.el;d="detailpage";"adunit"===h?d=this.D?"embedded":"detailpage":"embedded"===h\|\|this.K?d=OC(d,h,iQa):h&&(d="embedded");this.Ka=d;ata();h=null;d=b?b.playerStyle:a.ps;f=g.Hb(jQa,d);!d\|\|f&&!this.K\|\|(h=d);this.playerStyle=h;this.ma=(this.N=g.Hb(jQa,this.playerStyle))&&"play"!==this.playerStyle&&"jamboard"!==this.playerStyle;this.Oo=!this.ma;this.Ua=NC(!1,a.disableplaybackui);this.disablePaidContentOverlay=NC(!1,null==b?void 0:b.disablePaidContentOverlay); equals www.youtube.com (Youtube)
Source: chromecache_401.11.dr	String found in binary or memory: var X3={};var ldb=/[&\?]action_proxy=1/,kdb=/[&\?]token=([\w-])/,mdb=/[&\?]video_id=([\w-])/,ndb=/[&\?]index=([\d-])/,odb=/[&\?]m_pos_ms=([\d-])/,rdb=/[&\?]vvt=([\w-]*)/,edb="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),pdb="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "),hdb={android:"ANDROID", equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1696586925X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: AC9A64CD89F84E63943FA8FE73357759X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: asynccls1cf,bfbwsbcm0921tf,d-thshld42,fliptrat6,msaslm5t,qfswpos_t1,wsbref-t,wsbuacfX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 951Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=1DC02F3E55E9691B00B73C9C54F0686B&CPID=1696586926722&AC=1&CPH=4790f32e; _EDGE_S=SID=1DC02F3E55E9691B00B73C9C54F0686B; SRCHUID=V=2&GUID=1F8137B2323E40B3851AF1909FBE6E0A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1696586886&IPMH=f2fb8120&IPMID=1696586925774&LUT=1696586525257; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815367597.0000000000171000.00000020.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1EWISV70/NP01_InstallerBing
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewcscz70/SettingsPrivacy&http://g.msn.com/1ewcscz70/InstallerMU%Optionale
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewcscz70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewdede70/SettingsPrivacy&http://g.msn.com/1ewdede70/InstallerMU#DirectX
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewdede70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewenus70/SettingsPrivacy&http://g.msn.com/1ewenus70/InstallerMUPA
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewenus70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1eweses70/SettingsPrivacy&http://g.msn.com/1eweses70/InstallerMU$DirectX
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1eweses70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewfrfr70/SettingsPrivacy&http://g.msn.com/1ewfrfr70/InstallerMU&Componenti
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewfrfr70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewitit70/SettingsPrivacy&http://g.msn.com/1ewitit70/InstallerMU
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewitit70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewjajp70/SettingsPrivacy&http://g.msn.com/1ewjajp70/InstallerMU
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewjajp70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewkokr70/SettingsPrivacy&http://g.msn.com/1ewkokr70/InstallerMU(Optionele
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewkokr70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewnlnl70/SettingsPrivacy&http://g.msn.com/1ewnlnl70/InstallerMU0Opcjonalne
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewnlnl70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewplpl70/SettingsPrivacy&http://g.msn.com/1ewplpl70/InstallerMU5Componentes
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewplpl70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewptbr70/SettingsPrivacy&http://g.msn.com/1ewptbr70/InstallerMU-
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewptbr70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewruru70/SettingsPrivacy&http://g.msn.com/1ewruru70/InstallerMU&Valfria
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewruru70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewsvse70/SettingsPrivacy&http://g.msn.com/1ewsvse70/InstallerMU
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewsvse70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewzhcn70/SettingsPrivacy&http://g.msn.com/1ewzhcn70/InstallerMU8Componentes
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewzhcn70/SettingsTermUse
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewzhtw70/SettingsPrivacy&http://g.msn.com/1ewzhtw70/InstallerMU#Voliteln
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://g.msn.com/1ewzhtw70/SettingsTermUse
Source: chromecache_474.11.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_406.11.dr	String found in binary or memory: http://schema.org/SearchResultsPage
Source: chromecache_401.11.dr, chromecache_455.11.dr, chromecache_395.11.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: dxwsetup.exe.17.dr, dsetup32.dll.17.dr	String found in binary or memory: http://www.BetaPlace.com
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://www.BetaPlace.com.?
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://www.BetaPlace.comEContinuare
Source: chromecache_507.11.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: dsetup32.dll.17.dr	String found in binary or memory: http://www.betaplace.com
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000003.1817216028.0000000001474000.00000004.00000020.00020000.00000000.sdmp, dsetup32.dll.17.dr	String found in binary or memory: http://www.betaplace.com.
Source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	String found in binary or memory: http://www.betaplace.com.DInstalacn
Source: chromecache_404.11.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_401.11.dr	String found in binary or memory: http://www.youtube.com/videoplayback
Source: chromecache_401.11.dr	String found in binary or memory: http://youtube.com/drm/2012/10/10
Source: chromecache_401.11.dr	String found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: chromecache_401.11.dr	String found in binary or memory: http://youtube.com/streaming/otf/durations/112015
Source: chromecache_401.11.dr	String found in binary or memory: http://youtube.com/yt/2012/10/10
Source: chromecache_474.11.dr	String found in binary or memory: https://accdn.lpsnmedia.net
Source: chromecache_401.11.dr	String found in binary or memory: https://admin.youtube.com
Source: chromecache_474.11.dr	String found in binary or memory: https://aka.ms/MicrosoftEdgeDownload"
Source: chromecache_474.11.dr	String found in binary or memory: https://aka.ms/directx_x64_appx
Source: chromecache_474.11.dr	String found in binary or memory: https://aka.ms/directx_x86_appx
Source: chromecache_474.11.dr	String found in binary or memory: https://aka.ms/dxsetup
Source: chromecache_474.11.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_474.11.dr	String found in binary or memory: https://analytics.tiktok.com
Source: chromecache_404.11.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_458.11.dr	String found in binary or memory: https://breeze.aimon.applicationinsights.io
Source: chromecache_474.11.dr	String found in binary or memory: https://cdnssl.clicktale.net
Source: chromecache_474.11.dr	String found in binary or memory: https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js
Source: chromecache_474.11.dr	String found in binary or memory: https://d.impactradius-event.com
Source: chromecache_458.11.dr	String found in binary or memory: https://dc-int.services.visualstudio.com
Source: chromecache_458.11.dr	String found in binary or memory: https://dc.services.visualstudio.com
Source: dxwsetup.exe, 00000012.00000003.1920062429.0000000001503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://devblogs.(
Source: chromecache_455.11.dr	String found in binary or memory: https://developers.google.com/youtube/iframe_api_reference#Events
Source: chromecache_406.11.dr	String found in binary or memory: https://directx-end-user-runtime-web-installer-june-2010.en.lo4d.com
Source: chromecache_406.11.dr	String found in binary or memory: https://directx-end-user-runtime-web-installer-june-2010.en.lo4d.com/windows
Source: chromecache_406.11.dr	String found in binary or memory: https://directx-end-user-runtime-web-installer-june-2010.en.lo4d.com/windows&ved=2ahUKEwjPhdrQ1o
Source: chromecache_401.11.dr	String found in binary or memory: https://docs.google.com/get_video_info
Source: chromecache_404.11.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_404.11.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_404.11.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_404.11.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_401.11.dr, chromecache_455.11.dr, chromecache_395.11.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: chromecache_444.11.dr	String found in binary or memory: https://github.com/microsoft/clarity
Source: chromecache_401.11.dr	String found in binary or memory: https://i.ytimg.com/vi/
Source: chromecache_474.11.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net
Source: chromecache_474.11.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_474.11.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4xdax"
Source: chromecache_401.11.dr	String found in binary or memory: https://jnn-pa.googleapis.com
Source: chromecache_474.11.dr	String found in binary or memory: https://js.monitor.azure.com
Source: chromecache_511.11.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_406.11.dr	String found in binary or memory: https://linustechtips.com
Source: chromecache_406.11.dr	String found in binary or memory: https://linustechtips.com/topic/1526292-the-following-components-are-required-to-run-this-program-di
Source: dxwsetup.exe, 00000012.00000003.2507720971.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000003.1907183316.00000000014CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: chromecache_474.11.dr	String found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0
Source: chromecache_474.11.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net
Source: chromecache_474.11.dr	String found in binary or memory: https://lptag.liveperson.net
Source: chromecache_474.11.dr	String found in binary or memory: https://mem.gfx.ms
Source: chromecache_474.11.dr	String found in binary or memory: https://onedrive.live.com/about/en-us/
Source: chromecache_474.11.dr	String found in binary or memory: https://outlook.live.com/owa/
Source: chromecache_511.11.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_474.11.dr	String found in binary or memory: https://publisher.liveperson.net
Source: chromecache_401.11.dr	String found in binary or memory: https://redux.js.org/api/store#subscribelistener
Source: chromecache_401.11.dr	String found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancers
Source: chromecache_401.11.dr	String found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-4-store#middleware
Source: chromecache_401.11.dr	String found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-6-async-logic#using-the-redux-thunk-middleware
Source: chromecache_474.11.dr	String found in binary or memory: https://schema.org
Source: chromecache_406.11.dr	String found in binary or memory: https://support.activision.com
Source: chromecache_406.11.dr	String found in binary or memory: https://support.activision.com/articles/directx-errors#:~:text
Source: chromecache_406.11.dr	String found in binary or memory: https://support.activision.com/articles/directx-errors%23:~:text%3DAnswer%253A%2520If%2520you%2520re
Source: chromecache_511.11.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: chromecache_401.11.dr	String found in binary or memory: https://support.google.com/youtube/?p=missing_quality
Source: chromecache_401.11.dr	String found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: chromecache_401.11.dr	String found in binary or memory: https://support.google.com/youtube/?p=report_playback
Source: chromecache_401.11.dr	String found in binary or memory: https://support.google.com/youtube/answer/6276924
Source: chromecache_474.11.dr	String found in binary or memory: https://twitter.com/microsoft
Source: chromecache_511.11.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_401.11.dr	String found in binary or memory: https://viacon.corp.google.com
Source: chromecache_474.11.dr	String found in binary or memory: https://www.clarity.ms
Source: chromecache_406.11.dr	String found in binary or memory: https://www.google.com
Source: chromecache_511.11.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_401.11.dr	String found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: chromecache_404.11.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_404.11.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_404.11.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_404.11.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_404.11.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png
Source: chromecache_404.11.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_401.11.dr	String found in binary or memory: https://www.gstatic.com/ytlr/img/sign_in_avatar_default.png?rn=
Source: chromecache_406.11.dr	String found in binary or memory: https://www.guru3d.com
Source: chromecache_406.11.dr	String found in binary or memory: https://www.guru3d.com/download/directx-end-user-runtimes-(june-2010)/
Source: chromecache_406.11.dr	String found in binary or memory: https://www.guru3d.com/download/directx-end-user-runtimes-(june-2010)/&ved=2ahUKEwjPhdrQ1oWEAxXb
Source: chromecache_406.11.dr	String found in binary or memory: https://www.lifewire.com
Source: chromecache_406.11.dr	String found in binary or memory: https://www.lifewire.com/how-to-download-install-directx-2624489
Source: chromecache_406.11.dr	String found in binary or memory: https://www.lifewire.com/how-to-download-install-directx-2624489#toc-do-i-need-to-install-directx-on
Source: chromecache_406.11.dr	String found in binary or memory: https://www.lifewire.com/how-to-download-install-directx-2624489%23toc-do-i-need-to-install-directx-
Source: chromecache_474.11.dr	String found in binary or memory: https://www.onenote.com/
Source: chromecache_406.11.dr	String found in binary or memory: https://www.partitionwizard.com
Source: chromecache_406.11.dr	String found in binary or memory: https://www.partitionwizard.com/partitionmanager/directx-error-modern-warfare.html#:~:text
Source: chromecache_406.11.dr	String found in binary or memory: https://www.partitionwizard.com/partitionmanager/directx-error-modern-warfare.html%23:~:text%3DThe%2
Source: chromecache_406.11.dr	String found in binary or memory: https://www.partitionwizard.com/partitionmanager/directx-runtime.html
Source: chromecache_406.11.dr	String found in binary or memory: https://www.reddit.com/r/ValorantTechSupport/comments/168w8fg/directx_runtime_error/
Source: chromecache_406.11.dr	String found in binary or memory: https://www.reddit.com/r/ValorantTechSupport/comments/168w8fg/directx_runtime_error/&ved=2ahUKEw
Source: chromecache_474.11.dr	String found in binary or memory: https://www.skype.com/en/
Source: chromecache_406.11.dr	String found in binary or memory: https://www.techpowerup.com
Source: chromecache_406.11.dr	String found in binary or memory: https://www.techpowerup.com/download/directx-redistributable-runtime/
Source: chromecache_406.11.dr	String found in binary or memory: https://www.techpowerup.com/download/directx-redistributable-runtime/&ved=2ahUKEwjPhdrQ1oWEAxXbk
Source: chromecache_474.11.dr	String found in binary or memory: https://www.xbox.com/
Source: chromecache_474.11.dr	String found in binary or memory: https://www.xbox.com/en-us/games/store/pc-game-pass/cfq7ttc0kgq8?icid=CNavAllPCGamePass
Source: chromecache_474.11.dr	String found in binary or memory: https://www.xbox.com/en-us/games/store/xbox-game-pass-ultimate/cfq7ttc0khs0?icid=CNavAllXboxGamePass
Source: chromecache_455.11.dr	String found in binary or memory: https://www.youtube.com
Source: chromecache_401.11.dr	String found in binary or memory: https://www.youtube.com/api/drm/fps?ek=
Source: chromecache_401.11.dr	String found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: chromecache_406.11.dr	String found in binary or memory: https://www.youtube.com/watch%3Fv%3Dm5Xz14RNOEE&ved=2ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQtwJ6BAheEAI
Source: chromecache_406.11.dr	String found in binary or memory: https://www.youtube.com/watch?v=m5Xz14RNOEE
Source: chromecache_401.11.dr	String found in binary or memory: https://youtu.be/
Source: chromecache_401.11.dr	String found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: chromecache_401.11.dr	String found in binary or memory: https://youtubei.googleapis.com/youtubei/
Source: chromecache_401.11.dr	String found in binary or memory: https://yurt.corp.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.58:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49961 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Jun2010_d3dcsx_43_x86[1].cab entropy: 7.99695515494	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS472A52.tmp\Jun2010_d3dcsx_43_x86.cab entropy: 7.99695519262	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Dec2006_d3dx9_32_x86[1].cab entropy: 7.99909224767	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS469ECB.tmp\Dec2006_d3dx9_32_x86.cab entropy: 7.99909224767	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx9_32_x86.cab entropy: 7.99909224767	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Apr2007_d3dx9_33_x86[1].cab entropy: 7.99928426182	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46A4A7.tmp\Apr2007_d3dx9_33_x86.cab entropy: 7.99928426182	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx9_33_x86.cab entropy: 7.99928426182	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Apr2007_d3dx10_33_x86[1].cab entropy: 7.99896802841	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46AAB2.tmp\Apr2007_d3dx10_33_x86.cab entropy: 7.99896802841	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx10_33_x86.cab entropy: 7.99896802841	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Jun2007_d3dx9_34_x86[1].cab entropy: 7.99906642826	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46AF94.tmp\Jun2007_d3dx9_34_x86.cab entropy: 7.99906642826	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx9_34_x86.cab entropy: 7.99906642826	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Jun2007_d3dx10_34_x86[1].cab entropy: 7.9989902264	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46B513.tmp\Jun2007_d3dx10_34_x86.cab entropy: 7.9989902264	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx10_34_x86.cab entropy: 7.9989902264	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Aug2007_d3dx9_35_x86[1].cab entropy: 7.9991869164	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46B9F5.tmp\Aug2007_d3dx9_35_x86.cab entropy: 7.9991869164	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx9_35_x86.cab entropy: 7.9991869164	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Aug2007_d3dx10_35_x86[1].cab entropy: 7.9986813742	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46BF92.tmp\Aug2007_d3dx10_35_x86.cab entropy: 7.9986813742	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx10_35_x86.cab entropy: 7.9986813742	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Nov2007_d3dx9_36_x86[1].cab entropy: 7.99907865291	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46C4F1.tmp\Nov2007_d3dx9_36_x86.cab entropy: 7.99907865291	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx9_36_x86.cab entropy: 7.99907865291	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Nov2007_d3dx10_36_x86[1].cab entropy: 7.99885807363	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46CA7F.tmp\Nov2007_d3dx10_36_x86.cab entropy: 7.99885807363	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Dec2006_d3dx10_00_x86[1].cab entropy: 7.99660427625	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx10_36_x86.cab entropy: 7.99885807363	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS4665F9.tmp\Dec2006_d3dx10_00_x86.cab entropy: 7.99660427625	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Mar2008_d3dx9_37_x86[1].cab entropy: 7.99972380205	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x86.cab entropy: 7.99660427625	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46CFDE.tmp\Mar2008_d3dx9_37_x86.cab entropy: 7.99972380205	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Dec2006_d3dx10_00_x64[1].cab entropy: 7.99694629492	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx9_37_x86.cab entropy: 7.99972380205	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS466A3E.tmp\Dec2006_d3dx10_00_x64.cab entropy: 7.99694629492	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Mar2008_d3dx10_37_x86[1].cab entropy: 7.99894945695	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x64.cab entropy: 7.99694629492	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46D57B.tmp\Mar2008_d3dx10_37_x86.cab entropy: 7.99894945695	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx10_37_x86.cab entropy: 7.99894945695	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Jun2008_d3dx9_38_x86[1].cab entropy: 7.99972642235	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46DA6D.tmp\Jun2008_d3dx9_38_x86.cab entropy: 7.99972642235	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx9_38_x86.cab entropy: 7.99972642235	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Jun2008_d3dx10_38_x86[1].cab entropy: 7.99898013077	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46DFFB.tmp\Jun2008_d3dx10_38_x86.cab entropy: 7.99898013077	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Feb2005_d3dx9_24_x86[1].cab entropy: 7.99897272471	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx10_38_x86.cab entropy: 7.99898013077	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46755A.tmp\Feb2005_d3dx9_24_x86.cab entropy: 7.99897272471	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Aug2008_d3dx9_39_x86[1].cab entropy: 7.9996829971	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Feb2005_d3dx9_24_x86.cab entropy: 7.99897272471	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46E4FC.tmp\Aug2008_d3dx9_39_x86.cab entropy: 7.9996829971	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Apr2005_d3dx9_25_x86[1].cab entropy: 7.99907513517	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx9_39_x86.cab entropy: 7.9996829971	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS467A7B.tmp\Apr2005_d3dx9_25_x86.cab entropy: 7.99907513517	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Aug2008_d3dx10_39_x86[1].cab entropy: 7.99888618458	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Apr2005_d3dx9_25_x86.cab entropy: 7.99907513517	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46EA4C.tmp\Aug2008_d3dx10_39_x86.cab entropy: 7.99888618458	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Jun2005_d3dx9_26_x86[1].cab entropy: 7.99904021782	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx10_39_x86.cab entropy: 7.99888618458	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS467FCA.tmp\Jun2005_d3dx9_26_x86.cab entropy: 7.99904021782	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Nov2008_d3dx9_40_x86[1].cab entropy: 7.99964527898	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Jun2005_d3dx9_26_x86.cab entropy: 7.99904021782	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46EF7C.tmp\Nov2008_d3dx9_40_x86.cab entropy: 7.99964527898	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Aug2005_d3dx9_27_x86[1].cab entropy: 7.99913898215	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx9_40_x86.cab entropy: 7.99964527898	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS4684FA.tmp\Aug2005_d3dx9_27_x86.cab entropy: 7.99913898215	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Nov2008_d3dx10_40_x86[1].cab entropy: 7.99901184706	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2005_d3dx9_27_x86.cab entropy: 7.99913898215	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46F4FA.tmp\Nov2008_d3dx10_40_x86.cab entropy: 7.99901184706	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Dec2005_d3dx9_28_x86[1].cab entropy: 7.99912186515	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx10_40_x86.cab entropy: 7.99901184706	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS4689FB.tmp\Dec2005_d3dx9_28_x86.cab entropy: 7.99912186515	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Mar2009_d3dx9_41_x86[1].cab entropy: 7.99977242309	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Dec2005_d3dx9_28_x86.cab entropy: 7.99912186515	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46FA1A.tmp\Mar2009_d3dx9_41_x86.cab entropy: 7.99977242309	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Feb2006_d3dx9_29_x86[1].cab entropy: 7.99922866964	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx9_41_x86.cab entropy: 7.99977242309	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS468EFD.tmp\Feb2006_d3dx9_29_x86.cab entropy: 7.99922866964	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Mar2009_d3dx10_41_x86[1].cab entropy: 7.99875716031	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46FFB8.tmp\Mar2009_d3dx10_41_x86.cab entropy: 7.99875716031	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Feb2006_d3dx9_29_x86.cab entropy: 7.99922866964	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx10_41_x86.cab entropy: 7.99875716031	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Aug2009_d3dx9_42_x86[1].cab entropy: 7.99947517428	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Apr2006_d3dx9_30_x86[1].cab entropy: 7.99905051808	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS4704F8.tmp\Aug2009_d3dx9_42_x86.cab entropy: 7.99947517428	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46947B.tmp\Apr2006_d3dx9_30_x86.cab entropy: 7.99905051808	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx9_42_x86.cab entropy: 7.99947517428	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Apr2006_d3dx9_30_x86.cab entropy: 7.99905051808	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Aug2009_d3dx10_42_x86[1].cab entropy: 7.99617858979	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Oct2006_d3dx9_31_x86[1].cab entropy: 7.99908172452	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS4709F9.tmp\Aug2009_d3dx10_42_x86.cab entropy: 7.99617858979	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS46998C.tmp\Oct2006_d3dx9_31_x86.cab entropy: 7.99908172452	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx10_42_x86.cab entropy: 7.99617858979	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Oct2006_d3dx9_31_x86.cab entropy: 7.99908172452	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Aug2009_d3dx11_42_x86[1].cab entropy: 7.99133262696	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS470DC2.tmp\Aug2009_d3dx11_42_x86.cab entropy: 7.99133262696	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx11_42_x86.cab entropy: 7.99133262696	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Aug2009_d3dcsx_42_x86[1].cab entropy: 7.99929609474	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS47116B.tmp\Aug2009_d3dcsx_42_x86.cab entropy: 7.99929609474	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dcsx_42_x86.cab entropy: 7.99929609474	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Aug2009_D3DCompiler_42_x86[1].cab entropy: 7.99844166401	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS4718CE.tmp\Aug2009_D3DCompiler_42_x86.cab entropy: 7.99844166401	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Aug2009_D3DCompiler_42_x86.cab entropy: 7.99844166401	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Jun2010_d3dx9_43_x86[1].cab entropy: 7.99938038089	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS471DDF.tmp\Jun2010_d3dx9_43_x86.cab entropy: 7.99938038089	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx9_43_x86.cab entropy: 7.99938038089	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Jun2010_d3dx10_43_x86[1].cab entropy: 7.99666344587	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS47231E.tmp\Jun2010_d3dx10_43_x86.cab entropy: 7.99666344587	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx10_43_x86.cab entropy: 7.99666344587	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Jun2010_d3dx11_43_x86[1].cab entropy: 7.9918106197	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS4726E7.tmp\Jun2010_d3dx11_43_x86.cab entropy: 7.9918106197	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx11_43_x86.cab entropy: 7.9918106197	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\dxupdate[1].cab entropy: 7.99005571784	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\msdownld.tmp\AS463294.tmp\dxupdate.cab entropy: 7.99005571784	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\dxupdate.cab entropy: 7.99005571784	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

File created: C:\Windows\Logs\DirectX.log

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

File deleted: C:\Windows\SysWOW64\directx\websetup\SET147D.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C69680F	18_2_6C69680F
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C6A1DD6	18_2_6C6A1DD6
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C690362	18_2_6C690362
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68D86D	18_2_6C68D86D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C690CB3	18_2_6C690CB3
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C692D36	18_2_6C692D36
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C69D200	18_2_6C69D200
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68EA87	18_2_6C68EA87
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C69FF6D	18_2_6C69FF6D

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: String function: 6C689BC1 appears 324 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: String function: 6C69D1A0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: String function: 6C68B0F6 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: String function: 6C689A40 appears 211 times

Source: Unconfirmed 602765.crdownload.10.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 224531 bytes, 5 files, at 0x2c "dsetup.dll" "dsetup32.dll", ID 5930, number 1, 69 datablocks, 0x1503 compression
Source: chromecache_437.11.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 224531 bytes, 5 files, at 0x2c "dsetup.dll" "dsetup32.dll", ID 5930, number 1, 69 datablocks, 0x1503 compression
Source: dxwsetup.exe.17.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: dxwsetup.exe.17.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: dxwsetup.exe.17.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary

Source: dxwsetup.exe.17.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: dxwsetup.exe.17.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: dxwsetup.exe.17.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary

Source: 7068c74f-67f6-4374-a493-185b4ad86778.tmp.10.dr

Static PE information: No import functions for PE file found

Source: 7068c74f-67f6-4374-a493-185b4ad86778.tmp.10.dr

Static PE information: Data appended to the last section found

Source: Palworld.exe, 00000007.00000000.1277225007.00007FF74F762000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenameBootstrapPackagedGame-Win64-Shipping.exeD vs Palworld.exe
Source: Palworld.exe	Binary or memory string: OriginalFilenameBootstrapPackagedGame-Win64-Shipping.exeD vs Palworld.exe

Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: msvcp140_2.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: xinput1_3.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Section loaded: advpack.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: advpack.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: spinf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: drvstore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: spfileq.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: inseng.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: ieadvpack.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: msvcp140_2.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: xinput1_3.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Palworld.exe	Section loaded: wintypes.dll	Jump to behavior

Source: classification engine

Classification label: mal48.rans.winEXE@48/288@155/57

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C689BC1 __wstrtime,__wstrtime,_strrchr,FormatMessageA,LocalFree,GetLastError,

18_2_6C689BC1

Source: C:\Users\user\Downloads\dxwebsetup.exe

Code function: 17_2_010018B5 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,

17_2_010018B5

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C68E634 GetDiskFreeSpaceA,GetLastError,GetModuleHandleA,GetLastError,GetProcAddress,GetLastError,GetLastError,

18_2_6C68E634

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C69A2F6 CreateEventA,CoInitialize,CoCreateInstance,

18_2_6C69A2F6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Mutant created: \Sessions\1\BaseNamedObjects\DXWSETUP

Source: C:\Users\user\Downloads\dxwebsetup.exe

File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP

Jump to behavior

Source: Palworld.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Palworld.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Palworld.exe C:\Users\user\Desktop\Palworld.exe
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2116,i,8841958676898613242,11507238833919217486,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 --field-trial-handle=2116,i,8841958676898613242,11507238833919217486,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\dxwebsetup.exe "C:\Users\user\Downloads\dxwebsetup.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\dxwebsetup.exe "C:\Users\user\Downloads\dxwebsetup.exe"
Source: C:\Users\user\Downloads\dxwebsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
Source: unknown	Process created: C:\Users\user\Desktop\Palworld.exe "C:\Users\user\Desktop\Palworld.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2116,i,8841958676898613242,11507238833919217486,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 --field-trial-handle=2116,i,8841958676898613242,11507238833919217486,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\dxwebsetup.exe "C:\Users\user\Downloads\dxwebsetup.exe"	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6E449686-C509-11CF-AAFA-00AA00B6015C}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Source: Palworld.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: Palworld.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Palworld.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Palworld.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Palworld.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Palworld.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Palworld.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Palworld.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: Palworld.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: DSETUP.pdb source: dsetup.dll.17.dr
Source:	Binary string: DSETUP.pdb0 source: dsetup.dll.17.dr
Source:	Binary string: wextract.pdb source: dxwebsetup.exe, dxwebsetup.exe, 00000011.00000002.2542730863.0000000001001000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: dsetup32.pdb source: dsetup32.dll.17.dr
Source:	Binary string: BootstrapPackagedGame-Win64-Shipping.pdb source: Palworld.exe
Source:	Binary string: dxwsetup.pdb source: dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815367597.0000000000171000.00000020.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr
Source:	Binary string: wextract.pdbU source: dxwebsetup.exe, 0000000E.00000000.1809607279.0000000001001000.00000020.00000001.01000000.00000006.sdmp, dxwebsetup.exe, 00000011.00000002.2542730863.0000000001001000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: dxupdate.pdb source: dxwsetup.exe, dxwsetup.exe, 00000012.00000002.2551142071.000000006C681000.00000020.00000001.01000000.0000000B.sdmp

Source: Palworld.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Palworld.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Palworld.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Palworld.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Palworld.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C68B4D6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetLastError,GetLastError,GetLastError,

18_2_6C68B4D6

Source: 7068c74f-67f6-4374-a493-185b4ad86778.tmp.10.dr	Static PE information: real checksum: 0x54af2 should be: 0xaa5c
Source: Palworld.exe	Static PE information: real checksum: 0x0 should be: 0x358c3

Source: Palworld.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C69D1E5 push ecx; ret

18_2_6C69D1F8

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\dsetup32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\SET148E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\dsetup.dll (copy)	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 437	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\dxwebsetup.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.dll	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 602765.crdownload	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\7068c74f-67f6-4374-a493-185b4ad86778.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\dxwebsetup.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dll	Jump to dropped file
Source: C:\Users\user\Downloads\dxwebsetup.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup32.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\SET147D.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\dxwebsetup.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\dsetup32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\SET148E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\dsetup.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	File created: C:\Windows\SysWOW64\directx\websetup\SET147D.tmp	Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: Chrome Cache Entry: 437

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C69680F _strnlen,GetPrivateProfileStringA,	18_2_6C69680F
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68C99A _realloc,GetPrivateProfileSectionNamesA,	18_2_6C68C99A
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68F070 GetPrivateProfileIntA,_strnlen,CharLowerA,_strnlen,_strnlen,_strnlen,CharLowerA,_strnlen,_strnlen,_strnlen,_strnlen,	18_2_6C68F070
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68C01B _memset,GetPrivateProfileStringA,	18_2_6C68C01B
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C690CB3 DirectXUpdateGetSetupInformation,GetModuleFileNameA,GetLastError,_strnlen,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,	18_2_6C690CB3
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C69097D _memset,_memset,GetPrivateProfileStringA,GetPrivateProfileStringA,_strrchr,GetPrivateProfileStringA,GetVersionExA,GetLastError,	18_2_6C69097D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68EA87 GetSystemDirectoryA,GetLastError,GetPrivateProfileStringA,lstrcmpA,lstrcmpA,_strnlen,lstrcmpA,lstrcmpA,	18_2_6C68EA87
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68D792 GetPrivateProfileStringA,	18_2_6C68D792

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Downloads\dxwebsetup.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0	Jump to behavior

Source: C:\Users\user\Downloads\dxwebsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\directx\websetup\dsetup32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\directx\websetup\SET148E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\directx\websetup\dsetup.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.dll	Jump to dropped file
Source: C:\Users\user\Downloads\dxwebsetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\directx\websetup\SET147D.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\dxwebsetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup32.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Evaded block: after key decision			graph_18-13788
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Evaded block: after key decision			graph_18-14773

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Evasive API call chain: GetLocalTime,DecisionNodes

graph_18-13672

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_18-12934

Source: C:\Users\user\Downloads\dxwebsetup.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_17-239

Source: C:\Users\user\Downloads\dxwebsetup.exe	Code function: 17_2_01001C7F lstrcpy,lstrcpy,lstrcat,lstrcat,FindFirstFileA,lstrcpy,lstrcmp,lstrcmp,lstrcat,lstrcat,FindNextFileA,FindClose,RemoveDirectoryA,	17_2_01001C7F
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68A3EB FindFirstFileA,FindClose,	18_2_6C68A3EB
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68D86D GetWindowsDirectoryA,GetLastError,_strrchr,FindFirstFileA,FindFirstFileA,FindClose,FindClose,FindFirstFileA,FindClose,	18_2_6C68D86D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C691473 WideCharToMultiByte,GetLastError,WideCharToMultiByte,GetLastError,WideCharToMultiByte,_strrchr,WideCharToMultiByte,_strrchr,WideCharToMultiByte,_strrchr,WideCharToMultiByte,_memset,FindFirstFileA,FindClose,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	18_2_6C691473
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68FB07 _memset,_memset,GetWindowsDirectoryA,GetLastError,_memset,FindFirstFileA,lstrcmpA,lstrcmpA,GetFileAttributesA,GetLastError,FindNextFileA,FindClose,	18_2_6C68FB07
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C68E7AF lstrcmpA,_memset,GetSystemDirectoryA,GetLastError,StringFromGUID2,WideCharToMultiByte,GetLastError,FindFirstFileA,FindNextFileA,FindClose,	18_2_6C68E7AF

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C6A62CB __get_wpgmptr,VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect,

18_2_6C6A62CB

Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\Local\Temp\IXP000.TMP\	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dll	Jump to behavior
Source: C:\Users\user\Downloads\dxwebsetup.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: dxwsetup.exe, 00000012.00000003.1907183316.00000000014A0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWuJ
Source: dxwsetup.exe, 00000012.00000003.1907183316.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000003.1907183316.00000000014A0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

API call chain: ExitProcess graph end node

graph_18-12936

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C6898CF GetWindowsDirectoryA,OutputDebugStringA,CreateDirectoryA,GetLastError,__wstrtime,__wstrtime,

18_2_6C6898CF

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C68B4D6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetLastError,GetLastError,GetLastError,

18_2_6C68B4D6

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C6A5A16 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,SetEndOfFile,GetLastError,

18_2_6C6A5A16

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C69AE6A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		18_2_6C69AE6A
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	Code function: 18_2_6C6A56F8 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		18_2_6C6A56F8

Source: C:\Users\user\Downloads\dxwebsetup.exe

Code function: 17_2_0100168B GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,

17_2_0100168B

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: GetLocaleInfoA,

18_2_6C6A6092

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C69ACA5 GetLocalTime,

18_2_6C69ACA5

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Code function: 18_2_6C69A48C GetVersionExA,__heap_term,GetCommandLineA,___crtGetEnvironmentStringsA,__mtterm,__mtterm,__heap_term,___set_flsgetvalue,__freeptd,

18_2_6C69A48C

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	5 Native API	11 Registry Run Keys / Startup Folder	1 Access Token Manipulation	31 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Process Injection	1 Access Token Manipulation	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	11 Registry Run Keys / Startup Folder	1 Process Injection	Security Account Manager	11 Peripheral Device Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	15 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Palworld.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe	0%	ReversingLabs
C:\Users\user\Downloads\Unconfirmed 602765.crdownload	0%	ReversingLabs
C:\Users\user\Downloads\dxwebsetup.exe (copy)	0%	ReversingLabs
C:\Windows\SysWOW64\directx\websetup\SET147D.tmp	0%	ReversingLabs
C:\Windows\SysWOW64\directx\websetup\SET148E.tmp	0%	ReversingLabs
C:\Windows\SysWOW64\directx\websetup\dsetup.dll (copy)	0%	ReversingLabs
C:\Windows\SysWOW64\directx\websetup\dsetup32.dll (copy)	0%	ReversingLabs
Chrome Cache Entry: 437	0%	ReversingLabs

Source	Detection	Scanner	Label
https://www.clarity.ms/s/0.7.20/clarity.js	0%	URL Reputation	safe
https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancers	0%	URL Reputation	safe
https://redux.js.org/tutorials/fundamentals/part-4-store#middleware	0%	URL Reputation	safe
https://d.impactradius-event.com	0%	URL Reputation	safe
https://bttrack.com/dmp/adobe/user?dd_uuid=35050774984483340004567475019318048768	0%	Avira URL Cloud	safe
https://rtb.adentifi.com/CookieSyncAdobe	0%	Avira URL Cloud	safe
https://srm.bf.contentsquare.net/exist?v=13.83.0&pid=2422&pn=1&sn=1&uu=96af738c-fdc5-a6c5-a3b5-bf24ef9c45a4	0%	Avira URL Cloud	safe
https://devblogs.(	0%	Avira URL Cloud	safe
http://www.betaplace.com	0%	Avira URL Cloud	safe
http://www.BetaPlace.com.?	0%	Avira URL Cloud	safe
http://www.BetaPlace.comEContinuare	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=MSDLC&market=en-us&uhf=1	0%	Avira URL Cloud	safe
https://www.clarity.ms/tag/uet/4000034?insights=1	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
global.px.quantserve.com	192.184.69.201	true	false	high
i.ytimg.com	142.251.15.119	true	false	high
sni1gl.wpc.alphacdn.net	152.195.19.97	true	false	unknown
us-east-eb2.3lift.com	52.223.22.214	true	false	high
bttrack.com	192.132.33.68	true	false	unknown
dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com	3.215.173.68	true	false	high
dualstack.tls13.taboola.map.fastly.net	151.101.193.44	true	false	unknown
microsoft.msafflnk.net	35.174.142.23	true	false	unknown
sync.crwdcntrl.net	50.19.176.119	true	false	high
cm.g.doubleclick.net	173.194.219.157	true	false	high
aragorn-prod-va-lb.inbake.com	34.224.206.102	true	false	unknown
www.google.com	173.194.219.103	true	false	high
d.impactradius-event.com	35.186.249.72	true	false	unknown
cs1227.wpc.alphacdn.net	192.229.211.199	true	false	unknown
liveperson.map.fastly.net	151.101.193.192	true	false	unknown
match.adsrvr.org	52.223.40.198	true	false	high
star-mini.c10r.facebook.com	31.13.65.36	true	false	high
c.bf.contentsquare.net	34.206.180.7	true	false	unknown
www.ojrq.net	34.95.127.121	true	false	high
us-u.openx.net	35.244.159.8	true	false	high
plus.l.google.com	64.233.177.100	true	false	high
s.twitter.com	104.244.42.131	true	false	high
k.bf.contentsquare.net	54.162.65.117	true	false	unknown
static.doubleclick.net	74.125.138.148	true	false	high
q-aus1.contentsquare.net	3.94.15.197	true	false	unknown
youtube-ui.l.google.com	74.125.138.190	true	false	high
googleads.g.doubleclick.net	142.250.9.157	true	false	high
a.tribalfusion.com	104.18.25.173	true	false	high
clients.l.google.com	173.194.219.101	true	false	high
part-0007.t-0009.t-msedge.net	13.107.213.35	true	false	unknown
lpcdn.lpsnmedia.net	34.120.154.120	true	false	high
s.tribalfusion.com	104.18.25.173	true	false	high
dco-ats-00-1519508033.us-east-1.elb.amazonaws.com	3.224.195.202	true	false	high
adobetarget.data.adobedc.net	63.140.39.248	true	false	unknown
idsync.rlcdn.com	35.244.154.8	true	false	high
tunnel.googlezip.net	216.239.34.157	true	false	unknown
id.google.com	172.217.23.99	true	false	high
rtb.adentifi.com	18.214.166.242	true	false	unknown
part-0012.t-0009.t-msedge.net	13.107.213.40	true	false	unknown
sync.srv.stackadapt.com	52.87.115.253	true	false	high
msftenterprise.sc.omtrdc.net	63.140.39.15	true	false	unknown
accounts.google.com	173.194.219.84	true	false	high
part-0013.t-0009.t-msedge.net	13.107.213.41	true	false	unknown
srm.bf.contentsquare.net	3.208.151.21	true	false	unknown
dsum-sec.casalemedia.com	104.18.36.155	true	false	high
pug-njrpb.pubmnet.com	162.248.18.37	true	false	unknown
dns-tunnel-check.googlezip.net	216.239.34.159	true	false	unknown
ats-eks.us-east-1.dcs-online-targeting-prd.aws.oath.cloud	34.200.65.202	true	false	unknown
ib.anycast.adnxs.com	68.67.160.137	true	false	high
d1xbuscas8tetl.cloudfront.net	13.249.39.8	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
ats.everesttech.net	unknown	unknown	false	high
ag.innovid.com	unknown	unknown	false	high
idpix.media6degrees.com	unknown	unknown	false	high
px.owneriq.net	unknown	unknown	false	high
cm.everesttech.net	unknown	unknown	false	high
jadserve.postrelease.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
dmpsync.3lift.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
accdn.lpsnmedia.net	unknown	unknown	false	high
rtd.tubemogul.com	unknown	unknown	false	high
pixel.rubiconproject.com	unknown	unknown	false	high
logincdn.msftauth.net	unknown	unknown	false	unknown
trc.taboola.com	unknown	unknown	false	high
px.ads.linkedin.com	unknown	unknown	false	high
cms.analytics.yahoo.com	unknown	unknown	false	high
sync-tm.everesttech.net	unknown	unknown	false	high
c.clicktale.net	unknown	unknown	false	high
ds.reson8.com	unknown	unknown	false	unknown
ups.analytics.yahoo.com	unknown	unknown	false	high
q-aus1.clicktale.net	unknown	unknown	false	high
image2.pubmatic.com	unknown	unknown	false	high
publisher.liveperson.net	unknown	unknown	false	high
cdnssl.clicktale.net	unknown	unknown	false	high
dpm.demdex.net	unknown	unknown	false	high
rtd-tm.everesttech.net	unknown	unknown	false	high
servedby.flashtalking.com	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
k-aus1.clicktale.net	unknown	unknown	false	high
www.clarity.ms	unknown	unknown	false	unknown
www.linkedin.com	unknown	unknown	false	high
mscom.demdex.net	unknown	unknown	false	high
mem.gfx.ms	unknown	unknown	false	unknown
analytics.twitter.com	unknown	unknown	false	high
c.s-microsoft.com	unknown	unknown	false	high
u.clarity.ms	unknown	unknown	false	unknown
cms.quantserve.com	unknown	unknown	false	high
analytics.tiktok.com	unknown	unknown	false	unknown
ib.adnxs.com	unknown	unknown	false	high
sync.search.spotxchange.com	unknown	unknown	false	high
lptag.liveperson.net	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
acctcdn.msftauth.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/gen_204?atyp=csi&ei=Kze5ZY_EKtunqtsPm7mdiAw&s=async&astyp=asyncContextualTask&rt=ttfb.687,ft.688&zx=1706637104517&opi=89978449	false		high
https://www.clarity.ms/s/0.7.20/clarity.js	false	URL Reputation: safe	unknown
https://dmpsync.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D	false		high
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Zbk3QwAAAGzR0xva&C=1	false		high
https://dpm.demdex.net/ibs:dpid=390122&dpuuid=4QGHe0AkU19ZmYu7n2WfX1G1OUo	false		high
https://cdnssl.clicktale.net/ptc/05d32363-d534-4d93-9b65-cde674775e71.js	false		high
https://cdnssl.clicktale.net/www/bridge-WR110.js	false		high
https://www.google.com/gen_204?atyp=i&ei=Kze5ZY_EKtunqtsPm7mdiAw&ct=kptm:il&iw=1017&ih=853&r=0&sh=1024&sw=1280&tmw=374&tmh=82&nvi=6&eg=0&zx=1706637102152&opi=89978449	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=directx&oit=1&cp=7&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/gen_204?atyp=csi&ei=Kze5ZY_EKtunqtsPm7mdiAw&s=async&astyp=asyncContextualTask&rt=ttfb.460,ft.461&zx=1706637105983&opi=89978449	false		high
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8	false		high
https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js	false		high
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1	false		high
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=235DAA179B1F6089140CBE019A496167	false		high
https://www.youtube.com/s/player/6ee8f9ce/player_ias.vflset/en_US/embed.js	false		high
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js	false		high
https://srm.bf.contentsquare.net/exist?v=13.83.0&pid=2422&pn=1&sn=1&uu=96af738c-fdc5-a6c5-a3b5-bf24ef9c45a4	false	Avira URL Cloud: safe	unknown
https://www.google.com/gen_204?atyp=i&ei=Kze5ZY_EKtunqtsPm7mdiAw&ct=slh&v=t1&im=M&pv=0.518824515729305&me=160:1706637105586,B,2610:0,R,1,CCgQAA,735,165,393,1297:0,R,1,CCgQBg,736,237,392,1174:0,R,1,CC0QAA,736,237,392,1174:0,R,1,CEQQAA,756,237,372,187:0,R,1,CD4QAA,756,237,372,168:0,R,1,CD4QAQ,756,237,372,168:0,R,1,CD8QAA,756,237,372,168:0,R,1,CD8QAg,1009,373,119,32:0,R,1,CEUQAA,756,448,372,509:0,R,1,CEEQAA,756,448,372,488:0,R,1,CDEQAA,756,448,372,133:0,R,1,CDEQAQ,756,448,372,133:0,R,1,CDMQAA,756,581,372,29:0,R,1,CC4QAA,756,610,372,29:0,R,1,CC8QAA,756,639,372,29:0,R,1,CDAQAA,756,668,372,51:0,R,1,CDIQAA,756,735,372,201:0,R,1,CDIQAQ,756,736,372,66:0,R,1,CDIQBg,756,803,372,66:0,R,1,CDIQCw,756,870,372,66:9891,h,1,CAcQAA,o:0,h,1,CAUQGQ,o:4,e,B&zx=1706637115482&opi=89978449	false		high
https://mscom.demdex.net/dest5.html?d_nsid=0	false		high
https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent=	false		high
https://s.tribalfusion.com/z/i.match?p=b13&u=35050774984483340004567475019318048768&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$	false		high
https://www.google.com/gen_204?atyp=i&ei=Kze5ZY_EKtunqtsPm7mdiAw&ct=slh&v=t1&im=M&pv=0.518824515729305&me=135:1706637100852,R,1,CDMQAA,756,495,372,29:0,R,1,CC4QAA,756,524,372,29:0,R,1,CC8QAA,756,553,372,29:0,R,1,CDAQAA,756,582,372,51:0,R,1,CDIQAA,756,649,372,201:0,R,1,CDIQAQ,756,650,372,66:0,R,1,CDIQBg,756,717,372,66:0,R,1,CDIQCw,756,784,372,66:13,h,1,CAUQGQ,i:18,h,1,CB0QAA,i:22,h,1,CCIQAQ,i:47,h,1,CCIQAQ,o:0,h,1,CCAQAQ,i:75,h,1,CCAQAQ,o:0,h,1,CB8QAQ,i:72,h,1,CB8QAQ,o:0,h,1,CB4QAQ,i:73,h,1,CB4QAQ,o:48,h,1,CB0QAA,o:143,h,1,CAcQAA,i:3095,G,1,CAcQAA,216,48,1:0,c,244,219:0,G,1,CAcQAA,216,48:0,G,1,CAUQGQ,216,48:3,e,U&zx=1706637104461&opi=89978449	false		high
https://bttrack.com/dmp/adobe/user?dd_uuid=35050774984483340004567475019318048768	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=dire&oit=1&cp=4&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://sync.srv.stackadapt.com/sync?nid=adobe	false		high
https://www.google.com/gen_204?atyp=csi&ei=Kze5ZY_EKtunqtsPm7mdiAw&s=async&astyp=asyncContextualTask&rt=ttfb.688,ft.689&zx=1706637102837&opi=89978449	false		high
https://rtb.adentifi.com/CookieSyncAdobe	false	Avira URL Cloud: safe	unknown
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Zbk3QwAAAGzR0xva	false		high
https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=35050774984483340004567475019318048768&gdpr=0&gdpr_consent=	false		high
https://www.google.com/xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=1/exm=SNUn3,attn,cEt90b,cdos,csi,d,dtl0hd,eHDfl,gwc,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/excm=ABxRVc,AD6AIb,B0xr7b,CTwd8,CWOfE,CX5LId,CdOg1,D1J6He,FmnE6b,FuQWyc,GRJ32c,GXyz1,JxE93,KiXlnd,MRb7nf,NmR9jd,NsEUGe,Oa7Qpb,Ok4XMd,PE728b,PoJj8d,PvSBGf,QNvmne,RSlfle,TO0csb,TnXlGd,Trirbc,TurKxc,U3Ovcc,U6nlJe,UQpTU,UiPhkb,Uznx4d,VZLyBe,WxJ6g,XDlt7d,XHo6qe,XTkmZd,XbupY,YuNOCb,ZGLUZ,ZrXR8b,Zudxcb,a3cZoc,adn7N,ak946,bXyZdf,cKV22c,du3Q4e,eTv59e,f26on,fNMhz,hfJ9hb,jJtSzc,jkRPje,kCkfUb,kOSi0d,mL4hG,oXRDzc,pIseB,pMwOEe,pQk1fc,qngJBf,r24bR,rL2AR,sU6eaf,tlA71,tzTB5,vJPFse,vhpQNc,y25qZb,yChgtb,yfH2Bd,yn9Ffd,ypVg7e,yuQBec,zjNhL,zs9f9d/ed=1/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/ee=AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;hLUtwc:KB8OKd;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=ABJeBb,Da4hkd,Eox39d,GCSbhd,GElbSc,HYSCof,J4ga1b,KHourd,M0hWhd,QhoyLd,Um3BXb,Wo3n8,aD8OEe,cSX9Xe,etGP4c,fcDBE,msmzHf,nPaQu,pFsdhd,pHXghd,tIj4fb,vrkJ0e,xfmZMb?xjs=s1	false		high
https://ib.adnxs.com/setuid?entity=158&code=Zbk3QwAAAGzR0xva	false		high
https://dpm.demdex.net/ibs:dpid=3047&dpuuid=5873EF962A9843&gdpr=0&gdpr_consent=	false		high
https://ag.innovid.com/dv/sync?tid=6	false		high
https://www.google.com/xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=0/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/m=syez,syf0,aLUfP?xjs=s3	false		high
https://mem.gfx.ms/meversion?partner=MSDLC&market=en-us&uhf=1	false	Avira URL Cloud: safe	unknown
https://www.google.com/gen_204?atyp=csi&ei=Kze5ZY_EKtunqtsPm7mdiAw&s=async&astyp=asyncContextualTask&rt=ttfb.675,ft.676&zx=1706637104519&opi=89978449	false		high
https://idsync.rlcdn.com/365868.gif?partner_uid=35050774984483340004567475019318048768	false		high
https://dmpsync.3lift.com/getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=	false		high
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID	false		high
https://www.facebook.com/tr?id=undefined&ev=PixelInitialized&dpo=LDU&dpoco=0&dpost=0&ts=1706637121398	false		high
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-GUgwg.xE2pFMcbpyXNvyw.wczz.DSnmIwWo-~A	false		high
https://www.google.com/gen_204?atyp=i&ei=Kze5ZY_EKtunqtsPm7mdiAw&ct=slh&v=t1&pv=0.518824515729305&me=69:1706637100833,R,1,CCgQAA,735,165,393,1211:0,R,1,CCkQAA,736,165,392,72:0,R,1,CCgQBg,736,237,392,1088:0,R,1,CC0QAA,736,237,392,1088:0,R,1,CEQQAA,756,237,372,101:0,R,1,CD4QAA,756,237,372,82:0,R,1,CD4QAQ,756,237,372,82:0,R,1,CD8QAA,756,237,372,82:0,R,1,CDgQAA,756,237,199,82:0,R,1,CD0QAA,957,237,84,82:0,R,1,CDwQAA,756,321,126,82:0,R,1,CDsQAA,884,321,119,82:0,R,1,CDkQAA,1005,321,123,82:0,R,1,CD8QAg,1009,287,119,32:0,R,1,CEUQAA,756,362,372,509:0,R,1,CEEQAA,756,362,372,488:0,R,1,CDEQAA,756,362,372,133:0,R,1,CDEQAQ,756,362,372,133:0,R,1,CDMQAA,756,495,372,29:0,R,1,CC4QAA,756,524,372,29:0,R,1,CC8QAA,756,553,372,29:0,R,1,CDAQAA,756,582,372,51:0,R,1,CDIQAA,756,649,372,201:0,R,1,CDIQAQ,756,650,372,66:0,R,1,CDIQBg,756,717,372,66:0,R,1,CDIQCw,756,784,372,66:19,T:0,R,1,9,24,36,92,33:0,R,1,CA8QAA,24,88,800,40:0,R,1,CBYQAQ,24,88,73,40:0,R,1,CBMQAQ,103,88,110,40:0,R,1,CBIQAQ,219,88,111,40:0,R,1,CBEQAQ,336,88,76,40:0,R,1,CG0QAQ,418,88,123,40:0,R,1,CGkQAQ,547,88,65,40:0,R,1,CGwQAQ,618,88,49,40:0,R,1,CGoQAQ,673,88,61,40:0,R,1,CGsQAQ,740,88,81,40:0,R,1,CAUQGQ,28,171,652,1968:0,R,1,CAcQAA,28,171,600,117:0,R,1,CB0QAA,28,332,652,248:0,R,1,CB4QAQ,28,369,652,48:0,R,1,CB8QAQ,28,418,652,48:0,R,1,CCAQAQ,28,467,652,48:0,R,1,CCIQAQ,28,516,652,48:0,R,1,CBoQAA,28,624,600,139:0,R,1,CBUQAA,28,807,600,117:0,R,1,CAoQAA,756,165,372,2445:0,R,1,CCgQAA,735,165,393,1211:0,R,1,CCkQAA,736,165,392,72:0,R,1,CCgQBg,736,237,392,1088:0,R,1,CC0QAA,736,237,392,1088:0,R,1,CEQQAA,756,237,372,101:0,R,1,CD4QAA,756,237,372,82:0,R,1,CD4QAQ,756,237,372,82:0,R,1,CD8QAA,756,237,372,82:0,R,1,CDgQAA,756,237,199,82:0,R,1,CD0QAA,957,237,84,82:0,R,1,CDwQAA,756,321,126,82:0,R,1,CDsQAA,884,321,119,82:0,R,1,CDkQAA,1005,321,123,82:0,R,1,CD8QAg,1009,287,119,32:0,R,1,CEUQAA,756,362,372,509:0,R,1,CEEQAA,756,362,372,488:0,R,1,CDEQAA,756,362,372,133:0,R,1,CDEQAQ,756,362,372,133&zx=1706637100858&opi=89978449	false		high
https://www.clarity.ms/tag/uet/4000034?insights=1	false	Avira URL Cloud: safe	unknown
https://www.google.com/gen_204?s=web&t=aft&atyp=csi&ei=Kze5ZY_EKtunqtsPm7mdiAw&rt=wsrt.348,aft.675,afti.675,aftr.399,afts.356,frts.326,frvt.675,hst.151,prt.491,sct.295&frtp=317&imn=38&ima=3&imad=2&imac=3&wh=870&aft=1&aftp=870&opi=89978449	false		high
https://i.ytimg.com/vi/m5Xz14RNOEE/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3k77br3KKy0bjWbmhAEHJOrBx75iw	false		high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GsbA68hXs80.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo899t-H8Lxb3OqzMDuPn6TV_i36ag/cb=gapi.loaded_0	false		high
https://dpm.demdex.net/ibs:dpid=477&dpuuid=a32adb534ed7b015ab5f979962884ce67525e2a0283d43d778da44e182749c01b0da87c991749652	false		high
https://www.youtube.com/s/player/6ee8f9ce/www-widgetapi.vflset/www-widgetapi.js	false		high
https://www.google.com/xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/ck=xjs.s.gMJ68YNNwbg.L.W.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=0/dg=2/br=1/ujg=1/rs=ACT90oFZDsl90NCgJVwLue8CtZZoxDzQ2w/m=kMFpHd,sy8j,bm51tf?xjs=s3	false		high
https://c.clicktale.net/dvar?v=13.83.0&pid=2422&pn=1&sn=1&uu=96af738c-fdc5-a6c5-a3b5-bf24ef9c45a4&dv=H4sIAAAAAAAAA1WQ0UvDMBDG%2F5WjL9swZe1cRX07y6YWlNKu%2BDDGSNtDAmkiSYoM9X83qYPhS758Iff77u4rwocj7o7pTXaXQgy4RCDFWynUO%2FCuGw13BH0QoRWQdWL4u442fJk9St1y6SvfqPVnaXQ%2FA%2Bx1S4CKy5MTnQVDH9o4sKNwFN1HnE9xLo3YOX61zta3vnyPDYMcGRQlg6Y%2B%2BKfmaQvf8OxosCAU5NyDKhqE6slAzSVd3OY1bmoWJCC21STeBWiBcVF6UJYsswTmlR5VD6uF72bK3l16Sa%2BzJAmrkJ%2F8ZGM%2FaliKl33ttKHzkHAF%2F%2BwcNy%2BLg8chxhMhj35%2BAYjXMCZdAQAA&ct=2&r=474970	false		high
https://dpm.demdex.net/ibs:dpid=72352&dpuuid=3226875877078116803796&gdpr=0&gdpr_consent=	false		high
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zbk3QwAAAGzR0xva	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=direct&oit=1&cp=6&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/async/asyncContextualTask?vet=12ahUKEwjPhdrQ1oWEAxXbk2oFHZtcB8EQ4dMLegQIDhAA..i&ei=Kze5ZY_EKtunqtsPm7mdiAw&opi=89978449&yv=3&cid=9103415834496958732&cs=0&async=_ck:xjs.s.gMJ68YNNwbg.L.W.O,_k:xjs.s.en_US.I0W95LBEUe0.O,_am:ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE,_csss:ACT90oEuPDpRISdXedwyDAkLFqogPDiTdA,_fmt:prog,_id:rNi7Zc	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://outlook.live.com/owa/	chromecache_474.11.dr	false		high
https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancers	chromecache_401.11.dr	false	URL Reputation: safe	unknown
https://twitter.com/microsoft	chromecache_474.11.dr	false		high
http://g.msn.com/1ewdede70/SettingsTermUse	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false		high
http://g.msn.com/1ewenus70/SettingsTermUse	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false		high
https://support.activision.com/articles/directx-errors%23:~:text%3DAnswer%253A%2520If%2520you%2520re	chromecache_406.11.dr	false		high
http://g.msn.com/1ewsvse70/SettingsTermUse	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false		high
https://www.youtube.com	chromecache_455.11.dr	false		high
https://lptag.liveperson.net	chromecache_474.11.dr	false		high
https://admin.youtube.com	chromecache_401.11.dr	false		high
http://g.msn.com/1ewkokr70/SettingsPrivacy&http://g.msn.com/1ewkokr70/InstallerMU(Optionele	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false		high
http://www.betaplace.com	dsetup32.dll.17.dr	false	Avira URL Cloud: safe	unknown
https://support.activision.com	chromecache_406.11.dr	false		high
http://g.msn.com/1ewkokr70/SettingsTermUse	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false		high
https://redux.js.org/tutorials/fundamentals/part-4-store#middleware	chromecache_401.11.dr	false	URL Reputation: safe	unknown
https://d.impactradius-event.com	chromecache_474.11.dr	false	URL Reputation: safe	unknown
https://github.com/microsoft/clarity	chromecache_444.11.dr	false		high
https://yurt.corp.google.com	chromecache_401.11.dr	false		high
https://www.youtube.com/generate_204?cpn=	chromecache_401.11.dr	false		high
https://www.skype.com/en/	chromecache_474.11.dr	false		high
https://www.techpowerup.com	chromecache_406.11.dr	false		high
https://schema.org	chromecache_474.11.dr	false		high
https://www.youtube.com/watch?v=m5Xz14RNOEE	chromecache_406.11.dr	false		high
https://www.onenote.com/	chromecache_474.11.dr	false		high
http://g.msn.com/1ewzhcn70/SettingsPrivacy&http://g.msn.com/1ewzhcn70/InstallerMU8Componentes	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false		high
http://g.msn.com/1ewruru70/SettingsTermUse	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false		high
http://tools.ietf.org/html/rfc1950	chromecache_401.11.dr, chromecache_455.11.dr, chromecache_395.11.dr	false		high
https://directx-end-user-runtime-web-installer-june-2010.en.lo4d.com	chromecache_406.11.dr	false		high
http://g.msn.com/1ewfrfr70/SettingsPrivacy&http://g.msn.com/1ewfrfr70/InstallerMU&Componenti	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false		high
https://breeze.aimon.applicationinsights.io	chromecache_458.11.dr	false		high
https://linustechtips.com/topic/1526292-the-following-components-are-required-to-run-this-program-di	chromecache_406.11.dr	false		high
https://www.xbox.com/en-us/games/store/xbox-game-pass-ultimate/cfq7ttc0khs0?icid=CNavAllXboxGamePass	chromecache_474.11.dr	false		high
https://www.guru3d.com/download/directx-end-user-runtimes-(june-2010)/&ved=2ahUKEwjPhdrQ1oWEAxXb	chromecache_406.11.dr	false		high
https://www.google.com/log?format=json&hasfast=true	chromecache_511.11.dr	false		high
https://devblogs.(	dxwsetup.exe, 00000012.00000003.1920062429.0000000001503000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://lens.google.com	chromecache_511.11.dr	false		high
https://support.google.com/youtube/?p=report_playback	chromecache_401.11.dr	false		high
https://developers.google.com/youtube/iframe_api_reference#Events	chromecache_455.11.dr	false		high
http://youtube.com/streaming/metadata/segment/102015	chromecache_401.11.dr	false		high
http://www.BetaPlace.com.?	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false	Avira URL Cloud: safe	unknown
https://dc-int.services.visualstudio.com	chromecache_458.11.dr	false		high
https://youtu.be/	chromecache_401.11.dr	false		high
http://www.BetaPlace.comEContinuare	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false	Avira URL Cloud: safe	unknown
http://g.msn.com/1ewzhtw70/SettingsTermUse	dxwebsetup.exe, 00000011.00000003.1814248445.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000012.00000000.1815440454.0000000000194000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe.17.dr	false		high
https://apis.google.com	chromecache_404.11.dr	false		high
https://www.lifewire.com	chromecache_406.11.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.249.39.8	d1xbuscas8tetl.cloudfront.net	United States	16509	AMAZON-02US	false
104.18.25.173	a.tribalfusion.com	United States	13335	CLOUDFLARENETUS	false
35.244.154.8	idsync.rlcdn.com	United States	15169	GOOGLEUS	false
173.194.219.157	cm.g.doubleclick.net	United States	15169	GOOGLEUS	false
3.215.173.68	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
34.95.127.121	www.ojrq.net	United States	15169	GOOGLEUS	false
34.120.154.120	lpcdn.lpsnmedia.net	United States	15169	GOOGLEUS	false
34.206.180.7	c.bf.contentsquare.net	United States	14618	AMAZON-AESUS	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.138.190	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.215.190	unknown	United States	15169	GOOGLEUS	false
54.211.243.61	unknown	United States	14618	AMAZON-AESUS	false
151.101.193.44	dualstack.tls13.taboola.map.fastly.net	United States	54113	FASTLYUS	false
68.67.160.137	ib.anycast.adnxs.com	United States	29990	ASN-APPNEXUS	false
52.201.196.73	unknown	United States	14618	AMAZON-AESUS	false
74.125.138.148	static.doubleclick.net	United States	15169	GOOGLEUS	false
3.224.195.202	dco-ats-00-1519508033.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
35.174.142.23	microsoft.msafflnk.net	United States	14618	AMAZON-AESUS	false
173.194.219.105	unknown	United States	15169	GOOGLEUS	false
173.194.219.103	www.google.com	United States	15169	GOOGLEUS	false
104.244.42.131	s.twitter.com	United States	13414	TWITTERUS	false
50.19.176.119	sync.crwdcntrl.net	United States	14618	AMAZON-AESUS	false
173.194.219.101	clients.l.google.com	United States	15169	GOOGLEUS	false
104.18.36.155	dsum-sec.casalemedia.com	United States	13335	CLOUDFLARENETUS	false
52.87.115.253	sync.srv.stackadapt.com	United States	14618	AMAZON-AESUS	false
34.224.206.102	aragorn-prod-va-lb.inbake.com	United States	14618	AMAZON-AESUS	false
54.162.65.117	k.bf.contentsquare.net	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.15.119	i.ytimg.com	United States	15169	GOOGLEUS	false
74.125.136.157	unknown	United States	15169	GOOGLEUS	false
52.223.40.198	match.adsrvr.org	United States	8987	AMAZONEXPANSIONGB	false
31.13.65.36	star-mini.c10r.facebook.com	Ireland	32934	FACEBOOKUS	false
3.94.15.197	q-aus1.contentsquare.net	United States	14618	AMAZON-AESUS	false
63.140.39.248	adobetarget.data.adobedc.net	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
35.244.159.8	us-u.openx.net	United States	15169	GOOGLEUS	false
172.217.23.99	id.google.com	United States	15169	GOOGLEUS	false
142.250.9.157	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
34.200.65.202	ats-eks.us-east-1.dcs-online-targeting-prd.aws.oath.cloud	United States	14618	AMAZON-AESUS	false
63.140.39.15	msftenterprise.sc.omtrdc.net	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
192.132.33.68	bttrack.com	United States	18568	BIDTELLECTUS	false
192.184.69.201	global.px.quantserve.com	United States	27281	QUANTCASTUS	false
31.13.66.35	unknown	Ireland	32934	FACEBOOKUS	false
3.208.151.21	srm.bf.contentsquare.net	United States	14618	AMAZON-AESUS	false
172.217.215.119	unknown	United States	15169	GOOGLEUS	false
173.194.219.84	accounts.google.com	United States	15169	GOOGLEUS	false
52.223.22.214	us-east-eb2.3lift.com	United States	8987	AMAZONEXPANSIONGB	false
13.107.213.35	part-0007.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.193.192	liveperson.map.fastly.net	United States	54113	FASTLYUS	false
35.186.249.72	d.impactradius-event.com	United States	15169	GOOGLEUS	false
64.233.177.100	plus.l.google.com	United States	15169	GOOGLEUS	false
18.214.166.242	rtb.adentifi.com	United States	14618	AMAZON-AESUS	false
64.233.176.102	unknown	United States	15169	GOOGLEUS	false
216.239.34.157	tunnel.googlezip.net	United States	15169	GOOGLEUS	false
162.248.18.37	pug-njrpb.pubmnet.com	United States	62713	AS-PUBMATICUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	39.0.0 Ruby
Analysis ID:	1383502
Start date and time:	2024-01-30 18:50:46 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Palworld.exe
Detection:	MAL
Classification:	mal48.rans.winEXE@48/288@155/57
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 36 Number of non-executed functions: 97
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.31.50.93, 108.177.122.94, 34.104.35.123, 64.233.177.94, 142.250.9.113, 142.250.9.139, 142.250.9.100, 142.250.9.102, 142.250.9.101, 142.250.9.138, 74.125.138.94, 142.250.105.94, 172.253.124.95, 74.125.138.95, 64.233.176.95, 142.251.15.95, 64.233.185.95, 142.250.9.95, 142.250.105.95, 173.194.219.95, 108.177.122.95, 74.125.136.95, 172.217.215.95, 64.233.177.95, 23.46.241.122, 142.250.9.94, 64.233.176.94, 23.48.105.4, 23.48.105.6, 23.55.60.32, 23.55.60.27, 23.220.189.181, 208.89.12.153, 208.89.12.91, 52.167.30.171, 204.79.197.200, 13.107.21.200, 23.203.48.168, 23.203.48.155, 23.203.48.159, 23.47.204.56, 40.74.98.192, 40.126.29.5, 40.126.29.15, 20.190.157.11, 40.126.29.11, 40.126.29.6, 40.126.29.12, 40.126.29.9, 40.126.29.8, 172.217.215.97, 13.107.42.14, 34.192.2.2, 44.195.198.195, 44.213.220.232, 18.215.141.215, 3.231.17.111, 23.23.73.123, 184.31.50.9, 4.227.249.197, 151.101.130.49, 151.101.66.49, 151.101.194.49, 151.101.2.49, 172.64.151.238, 104.18.36.18, 23.7.59.179
Excluded domains from analysis (whitelisted): greenid-prod-pme.eastus2.cloudapp.azure.com, aijscdn2.afd.azureedge.net, lgincdnmsftuswe2.azureedge.net, pme-greenid-prod.trafficmanager.net, slscr.update.microsoft.com, e13678.dscb.akamaiedge.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com, publisher.livepersonk.akadns.net, fs-wildcard.microsoft.com.edgekey.net, l-0005.l-msedge.net, www.microsoft.com-c-3.edgekey.net, ats.everesttech.net.akadns.net, dlc-shim.trafficmanager.net, e12671.dscd.akamaiedge.net, login.live.com, download.microsoft.com.edgekey.net, e16604.g.akamaiedge.net, main.dl.ms.akadns.net, update.googleapis.com, download.microsoft.com, www.gstatic.com, acctcdnvzeuno.azureedge.net, acctcdnvzeuno.ec.azureedge.net, san-ion.secure4.scene7.com.edgekey.net, fpt2.microsoft.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, content-autofill.googleapis.com, dual-a-0001.a-msedge.net, www.tm.v4.a.prd.aadg.akadns.net, cm.everesttec
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
VT rate limit hit for: Palworld.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3.215.173.68	https://www.resonn.link.walawalago.com/	Get hash	malicious	Unknown	Browse
3.215.173.68	http://sub.nabprotect-livechat.com/	Get hash	malicious	Unknown	Browse
13.107.246.41	http://y84x.mjt.lu/lnk/CAAABPdweCoAAAAAAAAAAAVG8MwAAAA6pnMAAAAAAAvpOQBlhIO4-ImJ1UImRBC5CNVIkLSaswAL-7Q/2/r-vXj7XjX0azsD7QNKNH-A/aHR0cHM6Ly9hcHBjZW50ZXIubXMvaW52aXRhdGlvbnMvb3JnL2IxNjM2ZDYzMTE0YTM0MjBkYWFmNTg4YTE5N2Y0N2MxNGY4ZDViNWMyM2ZjM2RhYTgxMWM0ODgwOWM1ZTZkNjQ	Get hash	malicious	Unknown	Browse	appcenter.ms/
13.107.246.41	http://url7816.acetaxi.com/ls/click?upn=k9eqZnPBEZmPVPka3LxS61O1ksdCJOgznvtiwccqzi2-2BneqvfCXEJ-2FQj-2BZo7snmCwDunBahf2LYhfs7qQp7-2F23xLStq-2BkxJ70xqVvyXzkWM-3D8Cie_z5TGfmB4A65PPE2hDgRdrx6OZsZ3AmrJLHJ0M9ePWeHP5QDTWsAVp117uXam9dNn-2BGSxHeP-2BInRF-2Bgy2v-2FXBPODjmLss6NRV2RYsUYD7um77hgLl0ET9pPGTHF-2BQ1m6-2Fw7-2B-2B9DJOpakZj874YLC8uUep0F7rZMDlM46gmHmQqqAeCV477M0h2b07T2IcXu0hzUcKftN0UG2jhPq8qo00cQl0gvOLl-2BjChyaOdLpENao-3D	Get hash	malicious	Unknown	Browse	twiliosolutions.azurefd.net/
34.206.180.7	https://arrowlumber.atlassian.net/wiki/external/ZGE5ODE2YmQ2NDk0NDc1Njk4YWFiZWMyZDk4NjE2NTk	Get hash	malicious	HTMLPhisher	Browse
34.206.180.7	https://ymcaspbc.atlassian.net/wiki/external/ODZmMGZkZmM2MGRiNGM3NTllNzc1YWM3MmNmNGM3ZGU	Get hash	malicious	Unknown	Browse
13.249.39.8	http://finecaptcha.azurewebsites.net	Get hash	malicious	Unknown	Browse
	https://prc-homes.uk/wp-images/26738903/content/Security_on_your_card_account.html	Get hash	malicious	HTMLPhisher	Browse
	American_Express_account_review_notifications.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-e9c42a3c33664feaa705bbb8f53b17d4.r2.dev/indexSecurity.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-136966ac6c4d472899a16103f84443bf.r2.dev/indexSecurity.html	Get hash	malicious	HTMLPhisher	Browse
104.18.25.173	RE Scales shared a file X298988876 (689Ko).msg	Get hash	malicious	Unknown	Browse
	https://metabrotato.com/	Get hash	malicious	Unknown	Browse
	https://t.ly/YNu39	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan-Spy.AgentTesla.19330.30734.exe	Get hash	malicious	Unknown	Browse
	http://googlechrome.com.cn	Get hash	malicious	Unknown	Browse
	https://hr-a65.pages.dev/account/js-reporting/?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=%2Faccount%2Fchallenge%2Fpassword	Get hash	malicious	HTMLPhisher	Browse
	https://nhh1.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=calirm%40hinckleyallen.com&senderemailaddress=tbutler%40selecttile.com&senderorganization=AwF%2fAAAAAnsAAAADAQAAABwI7eyIdK1Fmg7tJT6AoKRPVT1uZWZpbmlzaC5vbm1pY3Jvc29mdC5jb20sT1U9TWljcm9zb2Z0IEV4Y2hhbmdlIEhvc3RlZCBPcmdhbml6YXRpb25zLERDPU5BTVBSMTBBMDA1LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT01ALHrYkuTtSqpa%2fBaTIIAhQ049Q29uZmlndXJhdGlvbixDTj1uZWZpbmlzaC5vbm1pY3Jvc29mdC5jb20sQ049Q29uZmlndXJhdGlvblVuaXRzLERDPU5BTVBSMTBBMDA1LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT00B&messageid=%3cMN2PR10MB354902DD4F9E7E374D653825C5732%40MN2PR10MB3549.namprd10.prod.outlook.com%3e&cfmRecipient=SystemMailbox%7b6C0A1EFA-EC06-4AF8-8120-E8DF728D24A6%7d%40nefinish.onmicrosoft.com&consumerEncryption=false&senderorgid=36858cd5-f8d2-412e-9bf1-1695355a0ce6&urldecoded=1&e4e_sdata=S1q69%2byxUSz41CMA2XskYsk5wrxtq6jxddPK7VSa3cL9FPranF5%2fcI7gsG5FyjHiAJdM8aBbEOWOk8g8HcQJwyv1kPlY8ZQsMnS57qPSCWnbTWbRkg20LhzXqITTpTDSfyDJ6usXbPt6Ae54FMLGUoLUpmwhnYNBlyfuaOrfaFWzUDNYTYrDrVF6xGlQ5puWcwZF4HDbqhnWlPNwJP9Zn42UKnm9HnzXTdUR7N1WYF6Zoq1UkikerFXtOQzIcuLLNFM9rosdR4ZMytXXdEWc4X2b6YxKJMIuiJq5zIKWgqPblTHsJCnTz80n6rfH%2fj2xwfO805SSLx0znCBl5DwWqA%3d%3d	Get hash	malicious	Unknown	Browse
	http://url3948.rickhansen.com/ls/click?upn=mt-2BpP9XKXFpxyT-2BZ8LvZwhP2KGeLZ9ZHoGM7uEXarEHM-2F4pH7vF2AroIc8w3vogP7DCA23QFNJ-2FS5tN-2Boa7BLH6SFVy7yF-2FVVVe5ikUK79Un8TU-2BZEFJGaplFzK-2FxyWqS4KvVOjdYJwOmiJt4ruIx8u4WomIrwyj2GGANB3v-2BFU-3Dj7nI_BgO-2FprwtGDPWtmrD4vx2xz4oCnshrwZk15-2Bo65e53G8v781drlMU7eZysSj-2F2IkpdVlaNqXHBqo9jNpHNdlchXOSi4ldDUQd8zIkjqZSyOTOe8KQT-2Bg5bnI6I85b7QbMLnYqxsXkIfeAVS9G7v4rJL-2FoQxwfoJUD2Tlfkr7AnfSLwyl6Iy7ZVSAweeaPjBRhgfbxmEeOMLu5EMv825k9Gw-3D-3D	Get hash	malicious	Unknown	Browse
	http://mylovelybluesky.com	Get hash	malicious	Unknown	Browse
13.107.213.41	http://www.serviceadg.com	Get hash	malicious	Unknown	Browse	fr.linkedin.com/company/service-adg

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bttrack.com	RE Scales shared a file X298988876 (689Ko).msg	Get hash	malicious	Unknown	Browse	192.132.33.68
	http://0a4m.webslotvip.xyz/4ynPva3260BhWs273ricfnufvcp14480RNJCKNHQEONTLNB689674ACCJ9307O12	Get hash	malicious	Unknown	Browse	192.132.33.67
	https://atadfsrgse.square.site/	Get hash	malicious	Unknown	Browse	192.132.33.67
	ATT00002.html	Get hash	malicious	HTMLPhisher	Browse	192.132.33.68
	https://trustwall.azurewebsites.net/	Get hash	malicious	Unknown	Browse	192.132.33.67
	https://metamafsk.azurewebsites.net/	Get hash	malicious	Unknown	Browse	192.132.33.69
	https://lidoe.azurewebsites.net/	Get hash	malicious	Unknown	Browse	192.132.33.69
	https://finecaptcha.azurewebsites.net	Get hash	malicious	Unknown	Browse	192.132.33.69
	http://finecaptcha.azurewebsites.net	Get hash	malicious	Unknown	Browse	192.132.33.67
	Env#U00edo CFDI FACTURA FFD - A8w1t0A4o3N7D86750507859.html	Get hash	malicious	Unknown	Browse	192.132.33.67
dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com	https://protect-us.mimecast.com/s/WmtgC2krQxIovQN4I2X4tR?domain=click-notification.capitalone.com	Get hash	malicious	Unknown	Browse	52.204.246.173
	https://acrobat.adobe.com/id/urn%3Aaaid%3Asc%3AVA6C2%3Afddc3650-f6be-4ca6-aa21-9de68961e0e6/?x_api_client_id=loggedout_home&x_api_client_location=adobe&viewer%21megaVerb=group-edit&filetype=application%2Fpdf	Get hash	malicious	Unknown	Browse	54.156.241.118
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:e7f4c320-ba98-45d1-a439-22e568f28ba2	Get hash	malicious	Unknown	Browse	34.206.63.221
	RE Scales shared a file X298988876 (689Ko).msg	Get hash	malicious	Unknown	Browse	3.237.59.54
	http://52.216.221.32	Get hash	malicious	Unknown	Browse	34.201.247.102
	EbLVClBnSw.exe	Get hash	malicious	Unknown	Browse	54.172.142.205
	https://www.moneyket.link.sunfancal.com/	Get hash	malicious	Unknown	Browse	44.196.200.15
	https://www.moneyket.link.didiancj.com/	Get hash	malicious	Unknown	Browse	107.23.6.4
	https://www.moneyket.link.habonera.com/	Get hash	malicious	Unknown	Browse	50.17.221.242
	https://www.moneyket.link.kulouhui.com/	Get hash	malicious	Unknown	Browse	52.207.30.198
sni1gl.wpc.alphacdn.net	http:///lerimef473cubenecom.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://outlook.cyberlab-x.com/mail	Get hash	malicious	Unknown	Browse	152.195.19.97
	https://vfiiexe.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://u41337755.ct.sendgrid.net/ls/click?upn=waPHK9zMCe9R5IQlth8GGnaIAom8rqw3QLrA0U84y31o-2B5I-2B2z-2FOwiHOxNAlC5TxwiWz59DQO-2FtwZ95kKVkYBXYXKha-2FS3mhIGGqOQkgflo-3D5Reu_BgpgE-2FyPsk5g8yjzkBFYC9v5n7d0Px7Ih3MDQtp2m-2FWQw2Cuqr9s3IezsXHPKZDcA-2Bk-2Bkgf3ZPQBNt2r4nK1hXo13FK-2FB3Tln8CbIj7KovtJ9-2B8BYCPW6KD4lAGjxZWn8P2qrqLj9579eeFt-2BXlihfpiKBQ8WcQbJdP0nypZNWgGOQsJWRRLT3MphoI6GgPyAUbA-2BgZ6tK-2BDkBVHPFlgV5k4taF0blBGSiVDylWarKI-3D	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	Audits_Distribution Notice.msg	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//geniebroots%E3%80%82com/phpfile/rahc0c1ro5ianbggqwkdsf6ufnn7jolo15webcflp0bnelsrujohtelw4knxh4muirbbwpiqnmxhw6o71vktxvreda3oowswwrljf27it3s4puewrgrigembujrth68xupzhbegfezobam8bfk3mb02lfrpso4xqk2v5670icpargpmkvtelqoszhiqzhwjnv6aemhyk/anVlcmdlbi5zZWlkbGVyQGlwcm90ZXguZGU=	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//putterbugs.com/site/wsde.basdfsd/d2FkZS5iYWxsYXJkQHN0b25lcmdyb3VwLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b%2C8d23fb3%2C492093b&p1=//cohostingcars.com%2Fincludi%2Flicences%2F35lddh/dGVzdEB0ZXN0LmNvbQ=	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://1drv.ms/b/s!AtS4AT1e0BnKbeR4gH9MVXH2aYA	Get hash	malicious	Unknown	Browse	152.195.19.97
	ATT00002.html	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
global.px.quantserve.com	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:e7f4c320-ba98-45d1-a439-22e568f28ba2	Get hash	malicious	Unknown	Browse	192.184.69.239
	https://linsrancongbiknu.gq/?c=jydfn&s=687474703a2f2f646174696e6773722e636f6d2f6e65772f3f733d383426263732333030373730333535333838362664693d37672d3131342665643d73747526693d61646d696e38342c36353033382c44464f5832364073747564656e742e672d706973642e6f72672c4465766f6e2674733d31373036353537303230263738363238373132353235313235	Get hash	malicious	Unknown	Browse	192.184.69.252
	RE Scales shared a file X298988876 (689Ko).msg	Get hash	malicious	Unknown	Browse	192.184.68.166
	https://winscp.net/download/WinSCP-6.1.2-Setup.exe	Get hash	malicious	Unknown	Browse	192.184.69.215
	https://metabrotato.com/	Get hash	malicious	Unknown	Browse	192.184.69.252
	https://t.ly/YNu39	Get hash	malicious	Unknown	Browse	192.184.69.215
	http://0a4m.webslotvip.xyz/4ynPva3260BhWs273ricfnufvcp14480RNJCKNHQEONTLNB689674ACCJ9307O12	Get hash	malicious	Unknown	Browse	192.184.69.215
	Chepstow Hospital 2024.html	Get hash	malicious	Unknown	Browse	192.184.69.239
	https://atadfsrgse.square.site/	Get hash	malicious	Unknown	Browse	192.184.69.201
	http://googlechrome.com.cn	Get hash	malicious	Unknown	Browse	192.184.69.252
us-east-eb2.3lift.com	https://nclozif.cn/	Get hash	malicious	Unknown	Browse	35.71.139.29
	RE Scales shared a file X298988876 (689Ko).msg	Get hash	malicious	Unknown	Browse	35.71.139.29
	edge_x86_KB91412024.exe	Get hash	malicious	Unknown	Browse	52.223.22.214
	https://vip38.net/	Get hash	malicious	Unknown	Browse	35.71.139.29
	http://0a4m.webslotvip.xyz/4ynPva3260BhWs273ricfnufvcp14480RNJCKNHQEONTLNB689674ACCJ9307O12	Get hash	malicious	Unknown	Browse	52.223.22.214
	Chepstow Hospital 2024.html	Get hash	malicious	Unknown	Browse	52.223.22.214
	https://hr-a65.pages.dev/account/js-reporting/?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=%2Faccount%2Fchallenge%2Fpassword	Get hash	malicious	HTMLPhisher	Browse	52.223.22.214
	https://www.google.com/url?rct=j&sa=t&url=https://cricfit.com/know-everything-about-nassau-county-international-cricket-stadium-new-yorks-grand-venue/&ct=ga&cd=CAEYACoTMzQ2MjY3NDU4MDM1MTU0MjcyNjIaNDg2YTljMDhmODczN2NiODpjb206ZW46VVM&usg=AOvVaw1XZtMH-kXd__m5Ea_T5csP	Get hash	malicious	Unknown	Browse	52.223.22.214
	https://zoom-download.pics	Get hash	malicious	Unknown	Browse	52.223.22.214
	https://watchlivestreamall24.xyz/%C3%96ppningsevent-ny-butik/	Get hash	malicious	Unknown	Browse	52.223.22.214

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://falcon.us-2.crowdstrike.com/search/	Get hash	malicious	Unknown	Browse	35.164.131.68
	bot.arm6.elf	Get hash	malicious	Mirai	Browse	34.254.182.186
	https://www.canva.com/design/DAF7XjVVXrs/-M-ZAkUHHNvwgc7hHkRTJQ/view?utm_content=DAF7XjVVXrs&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	99.86.229.18
	xuPFIoUdut.exe	Get hash	malicious	Njrat	Browse	3.67.161.133
	R3ov8eFFFP.exe	Get hash	malicious	Njrat	Browse	18.197.239.5
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct2_0/1/lu?sid=TV2%3A77KSjIGlP&c=E,1,oEV6T_FZXfcwsLJPdLRKsm5UxG5l1_dNlD0IFImFpjO05VML-T178ZPmvZqk5ormfZ0PuJEmGpb9jj51uxHqZ7XbQK5xoBbVXlPrmcKyudGsVoZJQcz-cg,,&typo=1	Get hash	malicious	Unknown	Browse	52.85.151.27
	Disputes_2Pages-Fax (2).html	Get hash	malicious	Unknown	Browse	108.156.152.114
	Fax-847-0944.xlsx	Get hash	malicious	HTMLPhisher	Browse	99.86.229.114
	https://protect-us.mimecast.com/s/WmtgC2krQxIovQN4I2X4tR?domain=click-notification.capitalone.com	Get hash	malicious	Unknown	Browse	3.124.226.107
	Garfieldpolice_Receipt_823481010238.html	Get hash	malicious	HTMLPhisher	Browse	99.84.108.67
CLOUDFLARENETUS	http://klienref.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	EL76BXXsn2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Xmrig, zgRAT	Browse	104.21.47.178
	K7wVV.vbs	Get hash	malicious	Unknown	Browse	104.22.52.71
	https://falcon.us-2.crowdstrike.com/search/	Get hash	malicious	Unknown	Browse	172.64.155.119
	https://www.canva.com/design/DAF7XjVVXrs/-M-ZAkUHHNvwgc7hHkRTJQ/view?utm_content=DAF7XjVVXrs&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	104.17.239.159
	file.exe	Get hash	malicious	Amadey, Fabookie, Glupteba, Stealc, Vidar	Browse	172.67.155.208
	HTTP://G3.RS:8080/AbAxXuAEis/op2yTFYQ8ljBBAMiL/CBCCBB204142611?fj54059	Get hash	malicious	Unknown	Browse	1.1.1.1
	http://ecv.microsoft.com/zvxKfmNPZn	Get hash	malicious	HTMLPhisher	Browse	172.64.207.38
	https://link.mail.beehiiv.com/ls/click?upn=RJBLNjPHu2yKk-2Bu16K2FB3NBHFZoz97yjUwDDm-2FqWUaniKiHQ8kznOGZr1KyPDWb-2FcSrNdDqHTGUbfEK9WejqqsPTCaBIRy-2FczcE6GOqVHDDcD5SziBBsDXvKJj8DzCQiNEppuaFfPWlQG6bWZcxYM5y5ULuVGc4sFI1J4hnt2EYQspHuoiu9Ey-2Fxs9Oi3llwVTW_z-2BtqlVCnjZSGfdpo5Cb4PcEYh8VboE4TPRaGEZhhwsJcBz3D3KrX0EH-2Bin1-2F8dlB6mljS1nnpaWWJa7VlaLTeIDghSGeEKqtYyrIyNvJma38SRpT5U4k5CtKEXPg6odS6VIQ-2FCSCC3AcX6ZoTvNXIaQ1MQ4twV71OpBVk5P5cx6DgU12uGtemTVhPYmCGQiHnJEtztIuU9ZQ2aNx-2FYdWwPlWJ-2Bcv2nAtzB6lKK4zPT3fX9UQbasaJSMUBQnSzNo1t9ZgrKZkm2v5haTvnoViKkCXSnt1l7YsskjDMkD-2Bj3IH2DU8aT69iXF8XiCPC1rLZ9SbqPvmRvlOGNjYfCAff9q318RGxqNjiiHcmAdwv4DWF0RbH5lTIdAhQkvU21D6KIreh54W3NsC2aQ5fr-2B7jFA-2Fn7D52YnmgXV0hIRvsNSv6FUAv4pH6i6EcTpAvhWG	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct0_0/1/ms?sid=TV2%3A77KSjIGlP&c=E,1,H-3I34XCofY7CF4iLd9q9505Lnh108c4c1QSwg7mHu3TUhi8HaN-c5B4E5BGKwmzPKEc7h-Ma-Mc5tw_999BWeVa_kzCI2Uw24xRcuxYnYYEa_L2BpDayMpTQw,,&typo=1	Get hash	malicious	Unknown	Browse	172.67.199.186
AMAZON-AESUS	https://falcon.us-2.crowdstrike.com/search/	Get hash	malicious	Unknown	Browse	50.16.211.97
	https://www.canva.com/design/DAF7XjVVXrs/-M-ZAkUHHNvwgc7hHkRTJQ/view?utm_content=DAF7XjVVXrs&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	52.203.149.164
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct0_0/1/ms?sid=TV2%3A77KSjIGlP&c=E,1,H-3I34XCofY7CF4iLd9q9505Lnh108c4c1QSwg7mHu3TUhi8HaN-c5B4E5BGKwmzPKEc7h-Ma-Mc5tw_999BWeVa_kzCI2Uw24xRcuxYnYYEa_L2BpDayMpTQw,,&typo=1	Get hash	malicious	Unknown	Browse	3.233.159.182
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct1_0/1/lu?sid=TV2%3A77KSjIGlP&c=E,1,LGDi1DUhY2tIeheA-u9shqcUMetsFVFGeYy5XaiToSP9iPBdeiUA1tQCqV2canPEUMoaxPpIFMwKbQaigZTkU36yAW_0YmJTjPT-IU9c&typo=1	Get hash	malicious	Unknown	Browse	3.233.155.103
	https://control-eligibility-657302.netlify.app/case-2000048	Get hash	malicious	Unknown	Browse	54.84.236.175
	https://protect-us.mimecast.com/s/WmtgC2krQxIovQN4I2X4tR?domain=click-notification.capitalone.com	Get hash	malicious	Unknown	Browse	52.204.246.173
	Garfieldpolice_Receipt_823481010238.html	Get hash	malicious	HTMLPhisher	Browse	23.22.173.247
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//b3groover.com/html/xtml/3jv6hhtqoycydubawq4q0vkugtsynvny48qryppx7dhenfjqlwkk6qcqxsvbp7bq346ltip18tnamlwgiy2ulkd1zvmqe5oublogi1mrebjnrbytt634ropk41uqpmdplsjbqshs1l4nlmna1m81gbqowtvmkuiezp8cyyauc2aqgm6luxzldz6xgq3rficooly7z7i7/YW5kcmV3LmRvc3NAc3VtbWl0YmhjLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	23.22.173.247
	https://t.ly/vUxxB	Get hash	malicious	Unknown	Browse	34.203.143.4
	https://www.bing.com/ck/a?!&&p=bd0766a2437219cbJmltdHM9MTcwNjQ4NjQwMCZpZ3VpZD0xMmI2NWRiOC0xMDdlLTYxYmYtMGUxMS00ZTQ0MTExNDYwNzYmaW5zaWQ9NTE5Mg&ptn=3&ver=2&hsh=3&fclid=12b65db8-107e-61bf-0e11-4e4411146076&psq=rayautox.co.za&u=a1aHR0cDovL3d3dy5yYXlhdXRveC5jby56YS8&ntb=1	Get hash	malicious	Unknown	Browse	35.168.166.60
AMAZON-AESUS	https://falcon.us-2.crowdstrike.com/search/	Get hash	malicious	Unknown	Browse	50.16.211.97
	https://www.canva.com/design/DAF7XjVVXrs/-M-ZAkUHHNvwgc7hHkRTJQ/view?utm_content=DAF7XjVVXrs&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	52.203.149.164
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct0_0/1/ms?sid=TV2%3A77KSjIGlP&c=E,1,H-3I34XCofY7CF4iLd9q9505Lnh108c4c1QSwg7mHu3TUhi8HaN-c5B4E5BGKwmzPKEc7h-Ma-Mc5tw_999BWeVa_kzCI2Uw24xRcuxYnYYEa_L2BpDayMpTQw,,&typo=1	Get hash	malicious	Unknown	Browse	3.233.159.182
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct1_0/1/lu?sid=TV2%3A77KSjIGlP&c=E,1,LGDi1DUhY2tIeheA-u9shqcUMetsFVFGeYy5XaiToSP9iPBdeiUA1tQCqV2canPEUMoaxPpIFMwKbQaigZTkU36yAW_0YmJTjPT-IU9c&typo=1	Get hash	malicious	Unknown	Browse	3.233.155.103
	https://control-eligibility-657302.netlify.app/case-2000048	Get hash	malicious	Unknown	Browse	54.84.236.175
	https://protect-us.mimecast.com/s/WmtgC2krQxIovQN4I2X4tR?domain=click-notification.capitalone.com	Get hash	malicious	Unknown	Browse	52.204.246.173
	Garfieldpolice_Receipt_823481010238.html	Get hash	malicious	HTMLPhisher	Browse	23.22.173.247
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//b3groover.com/html/xtml/3jv6hhtqoycydubawq4q0vkugtsynvny48qryppx7dhenfjqlwkk6qcqxsvbp7bq346ltip18tnamlwgiy2ulkd1zvmqe5oublogi1mrebjnrbytt634ropk41uqpmdplsjbqshs1l4nlmna1m81gbqowtvmkuiezp8cyyauc2aqgm6luxzldz6xgq3rficooly7z7i7/YW5kcmV3LmRvc3NAc3VtbWl0YmhjLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	23.22.173.247
	https://t.ly/vUxxB	Get hash	malicious	Unknown	Browse	34.203.143.4
	https://www.bing.com/ck/a?!&&p=bd0766a2437219cbJmltdHM9MTcwNjQ4NjQwMCZpZ3VpZD0xMmI2NWRiOC0xMDdlLTYxYmYtMGUxMS00ZTQ0MTExNDYwNzYmaW5zaWQ9NTE5Mg&ptn=3&ver=2&hsh=3&fclid=12b65db8-107e-61bf-0e11-4e4411146076&psq=rayautox.co.za&u=a1aHR0cDovL3d3dy5yYXlhdXRveC5jby56YS8&ntb=1	Get hash	malicious	Unknown	Browse	35.168.166.60
MICROSOFT-CORP-MSN-AS-BLOCKUS	EL76BXXsn2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Xmrig, zgRAT	Browse	20.79.30.95
	https://falcon.us-2.crowdstrike.com/search/	Get hash	malicious	Unknown	Browse	13.107.246.40
	http://ecv.microsoft.com/zvxKfmNPZn	Get hash	malicious	HTMLPhisher	Browse	13.107.226.41
	file.exe	Get hash	malicious	RedLine	Browse	20.79.30.95
	https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=xyUGhl2bVUOmtShFGwg2LZ3FKIMjX35GvVD59jUPGMhUMFE3N1ZDNUlKUkZDNkRZUlJQQUdYSDBPTi4u	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://9fbb8547.dc08e5abf96b10f3ab21bd72.workers.dev	Get hash	malicious	HTMLPhisher	Browse	52.96.183.226
	https://ecv.microsoft.com/sQaG6Mh4Hv	Get hash	malicious	Unknown	Browse	13.107.213.41
	Fax-847-0944.xlsx	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	Specifications & Profile Drawings For Ascential Tech (3).html	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://ecv.microsoft.com/DqwsPYDrNh	Get hash	malicious	Unknown	Browse	13.107.246.41
MICROSOFT-CORP-MSN-AS-BLOCKUS	EL76BXXsn2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Xmrig, zgRAT	Browse	20.79.30.95
	https://falcon.us-2.crowdstrike.com/search/	Get hash	malicious	Unknown	Browse	13.107.246.40
	http://ecv.microsoft.com/zvxKfmNPZn	Get hash	malicious	HTMLPhisher	Browse	13.107.226.41
	file.exe	Get hash	malicious	RedLine	Browse	20.79.30.95
	https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=xyUGhl2bVUOmtShFGwg2LZ3FKIMjX35GvVD59jUPGMhUMFE3N1ZDNUlKUkZDNkRZUlJQQUdYSDBPTi4u	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://9fbb8547.dc08e5abf96b10f3ab21bd72.workers.dev	Get hash	malicious	HTMLPhisher	Browse	52.96.183.226
	https://ecv.microsoft.com/sQaG6Mh4Hv	Get hash	malicious	Unknown	Browse	13.107.213.41
	Fax-847-0944.xlsx	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	Specifications & Profile Drawings For Ascential Tech (3).html	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://ecv.microsoft.com/DqwsPYDrNh	Get hash	malicious	Unknown	Browse	13.107.246.41

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://klienref.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	173.222.162.58 204.79.197.222 52.165.165.26
	http://ripnoticebook.com/cdn-vs/cache.php	Get hash	malicious	Unknown	Browse	173.222.162.58 204.79.197.222 52.165.165.26
	https://falcon.us-2.crowdstrike.com/search/	Get hash	malicious	Unknown	Browse	173.222.162.58 204.79.197.222 52.165.165.26
	statement.html	Get hash	malicious	Unknown	Browse	173.222.162.58 204.79.197.222 52.165.165.26
	https://www.canva.com/design/DAF7XjVVXrs/-M-ZAkUHHNvwgc7hHkRTJQ/view?utm_content=DAF7XjVVXrs&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	173.222.162.58 204.79.197.222 52.165.165.26
	https://link.mail.beehiiv.com/ls/click?upn=RJBLNjPHu2yKk-2Bu16K2FB3NBHFZoz97yjUwDDm-2FqWUaniKiHQ8kznOGZr1KyPDWb-2FcSrNdDqHTGUbfEK9WejqqsPTCaBIRy-2FczcE6GOqVHDDcD5SziBBsDXvKJj8DzCQiNEppuaFfPWlQG6bWZcxYM5y5ULuVGc4sFI1J4hnt2EYQspHuoiu9Ey-2Fxs9Oi3llwVTW_z-2BtqlVCnjZSGfdpo5Cb4PcEYh8VboE4TPRaGEZhhwsJcBz3D3KrX0EH-2Bin1-2F8dlB6mljS1nnpaWWJa7VlaLTeIDghSGeEKqtYyrIyNvJma38SRpT5U4k5CtKEXPg6odS6VIQ-2FCSCC3AcX6ZoTvNXIaQ1MQ4twV71OpBVk5P5cx6DgU12uGtemTVhPYmCGQiHnJEtztIuU9ZQ2aNx-2FYdWwPlWJ-2Bcv2nAtzB6lKK4zPT3fX9UQbasaJSMUBQnSzNo1t9ZgrKZkm2v5haTvnoViKkCXSnt1l7YsskjDMkD-2Bj3IH2DU8aT69iXF8XiCPC1rLZ9SbqPvmRvlOGNjYfCAff9q318RGxqNjiiHcmAdwv4DWF0RbH5lTIdAhQkvU21D6KIreh54W3NsC2aQ5fr-2B7jFA-2Fn7D52YnmgXV0hIRvsNSv6FUAv4pH6i6EcTpAvhWG	Get hash	malicious	HTMLPhisher	Browse	173.222.162.58 204.79.197.222 52.165.165.26
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct2_0/1/lu?sid=TV2%3A77KSjIGlP&c=E,1,oEV6T_FZXfcwsLJPdLRKsm5UxG5l1_dNlD0IFImFpjO05VML-T178ZPmvZqk5ormfZ0PuJEmGpb9jj51uxHqZ7XbQK5xoBbVXlPrmcKyudGsVoZJQcz-cg,,&typo=1	Get hash	malicious	Unknown	Browse	173.222.162.58 204.79.197.222 52.165.165.26
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct0_0/1/ms?sid=TV2%3A77KSjIGlP&c=E,1,H-3I34XCofY7CF4iLd9q9505Lnh108c4c1QSwg7mHu3TUhi8HaN-c5B4E5BGKwmzPKEc7h-Ma-Mc5tw_999BWeVa_kzCI2Uw24xRcuxYnYYEa_L2BpDayMpTQw,,&typo=1	Get hash	malicious	Unknown	Browse	173.222.162.58 204.79.197.222 52.165.165.26
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct1_0/1/lu?sid=TV2%3A77KSjIGlP&c=E,1,LGDi1DUhY2tIeheA-u9shqcUMetsFVFGeYy5XaiToSP9iPBdeiUA1tQCqV2canPEUMoaxPpIFMwKbQaigZTkU36yAW_0YmJTjPT-IU9c&typo=1	Get hash	malicious	Unknown	Browse	173.222.162.58 204.79.197.222 52.165.165.26
	https://transfer-sdksechr.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	173.222.162.58 204.79.197.222 52.165.165.26

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dll	5b1cxnTnnS.exe	Get hash	malicious	Unknown	Browse
	JITStarter.exe	Get hash	malicious	Unknown	Browse
	JITStarter.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup32.dll	5b1cxnTnnS.exe	Get hash	malicious	Unknown	Browse
	JITStarter.exe	Get hash	malicious	Unknown	Browse
	JITStarter.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
File Type:	Microsoft Cabinet archive data, many, 90857 bytes, 6 files, at 0x44 +A "xinput1_3_x64.cat" +A "xinput1_3.dll", flags 0x4, ID 9350, number 1, extra bytes 20 in head, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	100025
Entropy (8bit):	7.988437274786544
Encrypted:	false
SSDEEP:	3072:Mt5OSvuXSf2rbZu4Kmsr4eLRwPC5B9y7q:MTOBXSSpFI4/PM/ye
MD5:	FAE84E0773A74F367124C6D871516B7B
SHA1:	CAF8B9D7D4AF965BF445D052D1E835B680D6BBC3
SHA-256:	86EE073C199B5080FE4F5BE6AC24BB1117FEA42E4BBCD828B4F0EC26C669B22C
SHA-512:	CAF1381CAE7417B57FAEF56D0023BF90C90406748F8813AB85C687DDB81E2498D2F1D5F4BC154903FD5A19836E6F245CD6F5D3927A383F1ACC3BCC41B58FD09B
Malicious:	false
Reputation:	low
Preview:	MSCF.....b......D................$...........b...#...................(.........6+. .xinput1_3_x64.cat.h....(.....6. .xinput1_3.dll.h..........6.. .infinst.exe.\...h......6H. .apr2007_xinput_x64.inf............6G. .xinput1_3_x64.inf.....a......6H. .xinput1_3_x64_xp.inf...<.6..CK.\.\S.?....H3`@....B.....t.....D!.! " ].{..`AW........b.k/(....fNN ..z.}...g..of.7...\|3#.]4.j...."V.;u.".,..t....... o.!G4.G.<........!.I.P.'..t-B..T.N5...U.......2..S.....:....Ju.S.Q..v"D%..y.KR..B...a (.4.....7......x!L.\..u@.@...B.-G0......A..g...Dj8.j..L.X.."0."...^...kP.&@.}.....PP..k.p..\|.`..P..D"... .H.1.h.^.G...#...+Ls..7..!qH."@..."..;,....Iz;u.t....>..Ki.y.~.5M`)SR(..$....&P:........-F...@....-..C.&V....N...Z..!....~.....{X"eo.5.D6.u...Y.9...8.......pg8....g....4....j@.S..T..C.H..7..ID...!.HP}.....7U..@?1".yMi....aA.....[..&.M.0A..'L,.q. 6`..DZ...i2.t..(Sw...e..X..6 ..y$...>....D.&R......>....~..U.Z...X.B.5:HAn.IU..[ ..MH...8..Tgg'.H.G$H.$........)a...E b.y.>........t.....dF.

Process:	C:\Users\user\Downloads\dxwebsetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	95576
Entropy (8bit):	6.500059286855779
Encrypted:	false
SSDEEP:	1536:BG8tBKv1HCyODN2wjIqlLmqxY3AMVI4I9okOEvc0/c/sZRYltL26VVE2S+JJqsHM:BptQv1iyODswNLmqxY3AMV71Ev54EAxa
MD5:	984CAD22FA542A08C5D22941B888D8DC
SHA1:	3E3522E7F3AF329F2235B0F0850D664D5377B3CD
SHA-256:	57BC22850BB8E0BCC511A9B54CD3DA18EEC61F3088940C07D63B9B74E7FE2308
SHA-512:	8EF171218B331F0591A4B2A5E68DCBAE98F5891518CE877F1D8D1769C59C0F4DDAE43CC43DA6606975078F889C832F0666484DB9E047782E7A0AE4A2D41F5BEF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 5b1cxnTnnS.exe, Detection: malicious, Browse Filename: JITStarter.exe, Detection: malicious, Browse Filename: JITStarter.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........xx...+...+...+..+...+...+F..+.6k+...+.6x+...+.6{+...+...+...+...+...+...+...+...+...+Rich...+................PE..L......M...........!........N.......k.......@.......................................Z....@..........................5..y...........p..h............^..X.......H...0................................6..@............................................text...)(.......*.................. ..`.data..../...@......................@....rsrc...h....p.......@..............@..@.reloc...............H..............@..B................................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 30 16:51:35 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9814399727989853
Encrypted:	false
SSDEEP:	48:8KOdbTE7+6i6He0idAKZdA1JehwiZUklqehekJy+3:8KKkT/Yy
MD5:	A3FC6ED4740E612813A48798D4D33D77
SHA1:	9C3CBFF7EB20D97C2FEB333786B382771248A7C7
SHA-256:	238032B204FC29B755DA80DD21B0E39082BD74C4BCBB536449D2021DF8F42314
SHA-512:	EEB935F0B8118BBFFCCB45ABB6AEB5BF610978AA210E43A9FF51BFE917988DA2E763ED9BF1919E14AC5DF57BB5CDEEC8960156A1643CD4032E395CF926A4019F
Malicious:	false
Preview:	L..................F.@.. ...$+.,....hoS..S......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I>X`.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Xp.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V>Xp.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V>Xp............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V>Xr............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........5..N.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.6790332643076535
TrID:	Win64 Executable GUI (202006/5) 91.76% Win64 Executable (generic) (12005/4) 5.45% Clipper DOS Executable (2020/12) 0.92% Generic Win/DOS Executable (2004/3) 0.91% DOS Executable Generic (2002/1) 0.91%
File name:	Palworld.exe
File size:	182'784 bytes
MD5:	a9181a14270ad54407a16516c05817be
SHA1:	9102e64d9101096509414208c228d8d93da8ad6d
SHA256:	0a661adf06c2bef40749e9eba17ffccef0eb0e76321a5a21ec11ca60c34fb0dc
SHA512:	8e5269b94d478941d2ddc934b8a32356487802c53e048cd362ef8a6ca4534b54dfbf4627574a01774a36432f799cb8314afc3764c1019b089f1c99b0eef8d90a
SSDEEP:	3072:Zo6veDO++M3Qf+2vhDOSmjIZuJgNkCS5Bn0j3Ocd5vE:yIk/+MAfNhDxmPqFS5Bn0jE
TLSH:	6C048C0BB3E131F5E077D63488E1054AEBB7B87107609B5F079446AA6F232919D3EBB1
File Content Preview:	MZ......................@......................................................................................................................................................................................................................................

Entrypoint:	0x140001ca8
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6591C9D8 [Sun Dec 31 20:06:48 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	152cf0529281259defb94b0c7bdbe8e7

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1f44c	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x25000	0xb884	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x22000	0x1218	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x31000	0x69c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1da30	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1d8f0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x15000	0x2f0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x13090	0x13200	c9fe39a966d1a3a7917f96d5cfb8292d	False	0.5882608251633987	data	6.481507035274942	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x15000	0xae4e	0xb000	e95ab1decee529cfdd54887c3a420b65	False	0.4572975852272727	data	4.901633412003391	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x20000	0x1da0	0xc00	6cc72702ca22b00f71049538cb757a96	False	0.14453125	data	2.0333283096147357	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x22000	0x1218	0x1400	0140da53bc107634e7d03c3769bfe674	False	0.440234375	data	4.613862077120318	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x24000	0x15c	0x200	2851ab45dfabaf770e5631ccfadc5b6e	False	0.384765625	data	2.826220759254903	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x25000	0xb884	0xba00	9cc64b5591dd31640f68f6272bf07703	False	0.7895455309139785	data	7.717262295885247	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x31000	0x69c	0x800	457bb5db21617d7e97997f044eaa29b7	False	0.50048828125	data	4.948591759381074	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x252f8	0x56b9	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9977478491959821
RT_ICON	0x2a9b4	0x98f	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	English	United States	0.7159787494891704
RT_ICON	0x2b344	0x9e7	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	English	United States	0.7317554240631163
RT_ICON	0x2bd2c	0xbdd	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced	English	United States	0.7728021073427724
RT_ICON	0x2c90c	0xcac	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	English	United States	0.7919235511713933
RT_ICON	0x2d5b8	0xdcb	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced	English	United States	0.8088360237892949
RT_ICON	0x2e384	0x1b13	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.8928004616938393
RT_RCDATA	0x2fe98	0x5e	data	English	United States	0.776595744680851
RT_RCDATA	0x2fef8	0x8	data	English	United States	2.0
RT_GROUP_ICON	0x2ff00	0x14	data	English	United States	1.05
RT_GROUP_ICON	0x2ff14	0x68	data	English	United States	0.7692307692307693
RT_VERSION	0x2ff7c	0x388	data	English	United States	0.4657079646017699
RT_MANIFEST	0x30304	0x580	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1348), with CRLF line terminators	English	United States	0.4403409090909091

DLL	Import
KERNEL32.dll	GetExitCodeProcess, CreateProcessW, GetModuleFileNameW, LoadResource, LockResource, WaitForSingleObject, FindResourceW, LoadLibraryW, WriteConsoleW, CreateFileW, GetLastError, CloseHandle, SizeofResource, GetFileAttributesW, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, HeapReAlloc, HeapSize, SetFilePointerEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, HeapAlloc, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetStringTypeW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetProcessHeap
USER32.dll	wsprintfW, MessageBoxW
ADVAPI32.dll	RegOpenKeyExW, RegCloseKey, RegQueryValueExW
SHELL32.dll	ShellExecuteExW
SHLWAPI.dll	PathCombineW, PathRemoveFileSpecW, PathCanonicalizeW

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 30, 2024 18:51:33.994330883 CET	192.168.2.17	1.1.1.1	0x787a	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:33.994580030 CET	192.168.2.17	1.1.1.1	0xde11	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:33.995210886 CET	192.168.2.17	1.1.1.1	0x2967	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:33.995528936 CET	192.168.2.17	1.1.1.1	0xa36b	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:33.996587992 CET	192.168.2.17	1.1.1.1	0x8af7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:33.996844053 CET	192.168.2.17	1.1.1.1	0x93b8	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:36.025755882 CET	192.168.2.17	1.1.1.1	0x7997	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:36.025958061 CET	192.168.2.17	1.1.1.1	0x997a	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:40.344660997 CET	192.168.2.17	1.1.1.1	0xeac8	Standard query (0)	id.google.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:40.345007896 CET	192.168.2.17	1.1.1.1	0xf6a6	Standard query (0)	id.google.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:40.456746101 CET	192.168.2.17	1.1.1.1	0x8ada	Standard query (0)	dns-tunnel-check.googlezip.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:40.459213972 CET	192.168.2.17	1.1.1.1	0x406	Standard query (0)	tunnel.googlezip.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:41.004833937 CET	192.168.2.17	1.1.1.1	0x4d1	Standard query (0)	tunnel.googlezip.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:41.755816936 CET	192.168.2.17	1.1.1.1	0x72cd	Standard query (0)	i.ytimg.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:41.756127119 CET	192.168.2.17	1.1.1.1	0x279b	Standard query (0)	i.ytimg.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:42.582861900 CET	192.168.2.17	1.1.1.1	0x8e74	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:42.583036900 CET	192.168.2.17	1.1.1.1	0x8027	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:46.317028999 CET	192.168.2.17	1.1.1.1	0x2e19	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:46.317517996 CET	192.168.2.17	1.1.1.1	0x6226	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:47.781255007 CET	192.168.2.17	1.1.1.1	0xd578	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:47.781940937 CET	192.168.2.17	1.1.1.1	0xf9a8	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:48.791774988 CET	192.168.2.17	1.1.1.1	0x1108	Standard query (0)	i.ytimg.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:48.792205095 CET	192.168.2.17	1.1.1.1	0x2119	Standard query (0)	i.ytimg.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:50.229830027 CET	192.168.2.17	1.1.1.1	0xfb97	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:50.230042934 CET	192.168.2.17	1.1.1.1	0x8624	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Jan 30, 2024 18:51:50.237291098 CET	192.168.2.17	1.1.1.1	0xc4ad	Standard query (0)	static.doubleclick.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:50.237507105 CET	192.168.2.17	1.1.1.1	0xace	Standard query (0)	static.doubleclick.net	65	IN (0x0001)	false
Jan 30, 2024 18:51:56.356414080 CET	192.168.2.17	1.1.1.1	0x6f34	Standard query (0)	c.s-microsoft.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:56.356584072 CET	192.168.2.17	1.1.1.1	0x8aae	Standard query (0)	c.s-microsoft.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:56.468537092 CET	192.168.2.17	1.1.1.1	0x95ca	Standard query (0)	lptag.liveperson.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:56.468718052 CET	192.168.2.17	1.1.1.1	0x7568	Standard query (0)	lptag.liveperson.net	65	IN (0x0001)	false
Jan 30, 2024 18:51:56.588779926 CET	192.168.2.17	1.1.1.1	0x8bc9	Standard query (0)	lpcdn.lpsnmedia.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:56.589107990 CET	192.168.2.17	1.1.1.1	0xf36d	Standard query (0)	lpcdn.lpsnmedia.net	65	IN (0x0001)	false
Jan 30, 2024 18:51:56.589822054 CET	192.168.2.17	1.1.1.1	0x2c62	Standard query (0)	accdn.lpsnmedia.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:56.590095043 CET	192.168.2.17	1.1.1.1	0xe7a7	Standard query (0)	accdn.lpsnmedia.net	65	IN (0x0001)	false
Jan 30, 2024 18:51:56.709428072 CET	192.168.2.17	1.1.1.1	0xd62c	Standard query (0)	publisher.liveperson.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:56.709738016 CET	192.168.2.17	1.1.1.1	0xa315	Standard query (0)	publisher.liveperson.net	65	IN (0x0001)	false
Jan 30, 2024 18:51:56.832057953 CET	192.168.2.17	1.1.1.1	0x65a6	Standard query (0)	www.clarity.ms	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:56.832300901 CET	192.168.2.17	1.1.1.1	0x5447	Standard query (0)	www.clarity.ms	65	IN (0x0001)	false
Jan 30, 2024 18:51:56.953588963 CET	192.168.2.17	1.1.1.1	0xdb93	Standard query (0)	mem.gfx.ms	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:56.953783989 CET	192.168.2.17	1.1.1.1	0x65bf	Standard query (0)	mem.gfx.ms	65	IN (0x0001)	false
Jan 30, 2024 18:51:56.955507040 CET	192.168.2.17	1.1.1.1	0x3f27	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:56.955864906 CET	192.168.2.17	1.1.1.1	0x532a	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:57.078938961 CET	192.168.2.17	1.1.1.1	0x6caa	Standard query (0)	d.impactradius-event.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:57.079207897 CET	192.168.2.17	1.1.1.1	0xc52	Standard query (0)	d.impactradius-event.com	65	IN (0x0001)	false
Jan 30, 2024 18:51:57.080949068 CET	192.168.2.17	1.1.1.1	0xa1d2	Standard query (0)	cdnssl.clicktale.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:57.081234932 CET	192.168.2.17	1.1.1.1	0x7674	Standard query (0)	cdnssl.clicktale.net	65	IN (0x0001)	false
Jan 30, 2024 18:51:57.203308105 CET	192.168.2.17	1.1.1.1	0xda47	Standard query (0)	analytics.tiktok.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:51:57.203526974 CET	192.168.2.17	1.1.1.1	0xd0c9	Standard query (0)	analytics.tiktok.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:01.931251049 CET	192.168.2.17	1.1.1.1	0x4087	Standard query (0)	acctcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:01.931425095 CET	192.168.2.17	1.1.1.1	0x9e8a	Standard query (0)	acctcdn.msftauth.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.048835039 CET	192.168.2.17	1.1.1.1	0x2b8c	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.049035072 CET	192.168.2.17	1.1.1.1	0xb2ac	Standard query (0)	dpm.demdex.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.079410076 CET	192.168.2.17	1.1.1.1	0xdd87	Standard query (0)	logincdn.msftauth.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.079605103 CET	192.168.2.17	1.1.1.1	0x2fcb	Standard query (0)	logincdn.msftauth.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.297703981 CET	192.168.2.17	1.1.1.1	0x73e7	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.298048973 CET	192.168.2.17	1.1.1.1	0xfa3c	Standard query (0)	www.facebook.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.421366930 CET	192.168.2.17	1.1.1.1	0x6277	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.421870947 CET	192.168.2.17	1.1.1.1	0xdf3	Standard query (0)	px.ads.linkedin.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.519959927 CET	192.168.2.17	1.1.1.1	0xe08d	Standard query (0)	mem.gfx.ms	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.520215988 CET	192.168.2.17	1.1.1.1	0xf211	Standard query (0)	mem.gfx.ms	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.536514997 CET	192.168.2.17	1.1.1.1	0x4c3b	Standard query (0)	ats.everesttech.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.536788940 CET	192.168.2.17	1.1.1.1	0x4c00	Standard query (0)	ats.everesttech.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.618742943 CET	192.168.2.17	1.1.1.1	0x6c6c	Standard query (0)	microsoft.msafflnk.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.619043112 CET	192.168.2.17	1.1.1.1	0x41ec	Standard query (0)	microsoft.msafflnk.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.622070074 CET	192.168.2.17	1.1.1.1	0x34b5	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.622325897 CET	192.168.2.17	1.1.1.1	0x19a8	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.698187113 CET	192.168.2.17	1.1.1.1	0x83d3	Standard query (0)	mscom.demdex.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.698499918 CET	192.168.2.17	1.1.1.1	0xbedc	Standard query (0)	mscom.demdex.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.713620901 CET	192.168.2.17	1.1.1.1	0x51d2	Standard query (0)	msftenterprise.sc.omtrdc.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.713913918 CET	192.168.2.17	1.1.1.1	0x3aa1	Standard query (0)	msftenterprise.sc.omtrdc.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.748395920 CET	192.168.2.17	1.1.1.1	0x9ac1	Standard query (0)	q-aus1.clicktale.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.748658895 CET	192.168.2.17	1.1.1.1	0x2516	Standard query (0)	q-aus1.clicktale.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.878937006 CET	192.168.2.17	1.1.1.1	0xf3cb	Standard query (0)	cm.everesttech.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.879108906 CET	192.168.2.17	1.1.1.1	0xe12f	Standard query (0)	cm.everesttech.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:02.883845091 CET	192.168.2.17	1.1.1.1	0xfe41	Standard query (0)	c.clicktale.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:02.884239912 CET	192.168.2.17	1.1.1.1	0x2d6c	Standard query (0)	c.clicktale.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:03.185616016 CET	192.168.2.17	1.1.1.1	0x771c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:03.185914993 CET	192.168.2.17	1.1.1.1	0x297	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:03.187467098 CET	192.168.2.17	1.1.1.1	0x8a5f	Standard query (0)	srm.bf.contentsquare.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:03.187724113 CET	192.168.2.17	1.1.1.1	0x8187	Standard query (0)	srm.bf.contentsquare.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:03.326057911 CET	192.168.2.17	1.1.1.1	0x81cd	Standard query (0)	ib.adnxs.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:03.326226950 CET	192.168.2.17	1.1.1.1	0xe332	Standard query (0)	ib.adnxs.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:03.437973976 CET	192.168.2.17	1.1.1.1	0x185b	Standard query (0)	idsync.rlcdn.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:03.438270092 CET	192.168.2.17	1.1.1.1	0x6dcc	Standard query (0)	idsync.rlcdn.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:03.517772913 CET	192.168.2.17	1.1.1.1	0xaa47	Standard query (0)	www.ojrq.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:03.518075943 CET	192.168.2.17	1.1.1.1	0xb76a	Standard query (0)	www.ojrq.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:03.598716974 CET	192.168.2.17	1.1.1.1	0x150a	Standard query (0)	k-aus1.clicktale.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:03.598802090 CET	192.168.2.17	1.1.1.1	0x1219	Standard query (0)	k-aus1.clicktale.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:03.707483053 CET	192.168.2.17	1.1.1.1	0x8661	Standard query (0)	www.linkedin.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:03.707839012 CET	192.168.2.17	1.1.1.1	0x43a7	Standard query (0)	www.linkedin.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:03.771883965 CET	192.168.2.17	1.1.1.1	0xd3b2	Standard query (0)	cm.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:03.772317886 CET	192.168.2.17	1.1.1.1	0x8b97	Standard query (0)	cm.g.doubleclick.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:04.411812067 CET	192.168.2.17	1.1.1.1	0xe64a	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:04.412005901 CET	192.168.2.17	1.1.1.1	0x7e9	Standard query (0)	dpm.demdex.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:04.697926044 CET	192.168.2.17	1.1.1.1	0xdbcb	Standard query (0)	u.clarity.ms	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:04.698242903 CET	192.168.2.17	1.1.1.1	0x4e66	Standard query (0)	u.clarity.ms	65	IN (0x0001)	false
Jan 30, 2024 18:52:04.773869991 CET	192.168.2.17	1.1.1.1	0x5c94	Standard query (0)	rtd.tubemogul.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:04.774285078 CET	192.168.2.17	1.1.1.1	0x8b34	Standard query (0)	rtd.tubemogul.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:05.328638077 CET	192.168.2.17	1.1.1.1	0x26a5	Standard query (0)	rtd-tm.everesttech.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:05.328943968 CET	192.168.2.17	1.1.1.1	0x7edc	Standard query (0)	rtd-tm.everesttech.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:05.769908905 CET	192.168.2.17	1.1.1.1	0x79fa	Standard query (0)	idpix.media6degrees.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:05.770076036 CET	192.168.2.17	1.1.1.1	0xf184	Standard query (0)	idpix.media6degrees.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:06.768529892 CET	192.168.2.17	1.1.1.1	0x729	Standard query (0)	analytics.twitter.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:06.768605947 CET	192.168.2.17	1.1.1.1	0xe9cd	Standard query (0)	analytics.twitter.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:07.760464907 CET	192.168.2.17	1.1.1.1	0x3cfb	Standard query (0)	match.adsrvr.org	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:07.760776997 CET	192.168.2.17	1.1.1.1	0x2bb1	Standard query (0)	match.adsrvr.org	65	IN (0x0001)	false
Jan 30, 2024 18:52:08.766685963 CET	192.168.2.17	1.1.1.1	0x6663	Standard query (0)	cms.quantserve.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:08.767326117 CET	192.168.2.17	1.1.1.1	0x898e	Standard query (0)	cms.quantserve.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:10.771358967 CET	192.168.2.17	1.1.1.1	0xc97f	Standard query (0)	servedby.flashtalking.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:10.771534920 CET	192.168.2.17	1.1.1.1	0xc0e2	Standard query (0)	servedby.flashtalking.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:11.768260002 CET	192.168.2.17	1.1.1.1	0x6d8d	Standard query (0)	a.tribalfusion.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:11.768376112 CET	192.168.2.17	1.1.1.1	0x22e7	Standard query (0)	a.tribalfusion.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:12.471245050 CET	192.168.2.17	1.1.1.1	0xe757	Standard query (0)	s.tribalfusion.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:12.471447945 CET	192.168.2.17	1.1.1.1	0xcc98	Standard query (0)	s.tribalfusion.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:12.772828102 CET	192.168.2.17	1.1.1.1	0x2f69	Standard query (0)	cms.analytics.yahoo.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:12.772934914 CET	192.168.2.17	1.1.1.1	0x5892	Standard query (0)	cms.analytics.yahoo.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:13.357070923 CET	192.168.2.17	1.1.1.1	0x9e1a	Standard query (0)	ups.analytics.yahoo.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:13.357180119 CET	192.168.2.17	1.1.1.1	0x8518	Standard query (0)	ups.analytics.yahoo.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:13.772540092 CET	192.168.2.17	1.1.1.1	0xbc93	Standard query (0)	px.owneriq.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:13.772825003 CET	192.168.2.17	1.1.1.1	0xed4b	Standard query (0)	px.owneriq.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:14.761580944 CET	192.168.2.17	1.1.1.1	0x1e59	Standard query (0)	jadserve.postrelease.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:14.761734962 CET	192.168.2.17	1.1.1.1	0xcc97	Standard query (0)	jadserve.postrelease.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:15.765979052 CET	192.168.2.17	1.1.1.1	0x1cc0	Standard query (0)	ds.reson8.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:15.766172886 CET	192.168.2.17	1.1.1.1	0x321b	Standard query (0)	ds.reson8.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:16.770571947 CET	192.168.2.17	1.1.1.1	0xb26d	Standard query (0)	bttrack.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:16.771337986 CET	192.168.2.17	1.1.1.1	0x7990	Standard query (0)	bttrack.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:17.759646893 CET	192.168.2.17	1.1.1.1	0x831f	Standard query (0)	dmpsync.3lift.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:17.759829998 CET	192.168.2.17	1.1.1.1	0x1d73	Standard query (0)	dmpsync.3lift.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:18.765256882 CET	192.168.2.17	1.1.1.1	0xf45b	Standard query (0)	ag.innovid.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:18.765549898 CET	192.168.2.17	1.1.1.1	0xa226	Standard query (0)	ag.innovid.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:19.767647982 CET	192.168.2.17	1.1.1.1	0x291f	Standard query (0)	rtb.adentifi.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:19.767875910 CET	192.168.2.17	1.1.1.1	0x4836	Standard query (0)	rtb.adentifi.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:20.760368109 CET	192.168.2.17	1.1.1.1	0xd6d7	Standard query (0)	sync.crwdcntrl.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:20.760550022 CET	192.168.2.17	1.1.1.1	0xc86c	Standard query (0)	sync.crwdcntrl.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:21.772300005 CET	192.168.2.17	1.1.1.1	0xd1cb	Standard query (0)	sync-tm.everesttech.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:21.773447990 CET	192.168.2.17	1.1.1.1	0x9a76	Standard query (0)	sync-tm.everesttech.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:25.185739040 CET	192.168.2.17	1.1.1.1	0xfafa	Standard query (0)	pixel.rubiconproject.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:25.185925961 CET	192.168.2.17	1.1.1.1	0x1cef	Standard query (0)	pixel.rubiconproject.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:26.187593937 CET	192.168.2.17	1.1.1.1	0x468a	Standard query (0)	dsum-sec.casalemedia.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:26.187730074 CET	192.168.2.17	1.1.1.1	0x582f	Standard query (0)	dsum-sec.casalemedia.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:28.189691067 CET	192.168.2.17	1.1.1.1	0x1f6a	Standard query (0)	us-u.openx.net	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:28.189855099 CET	192.168.2.17	1.1.1.1	0x3c94	Standard query (0)	us-u.openx.net	65	IN (0x0001)	false
Jan 30, 2024 18:52:29.186682940 CET	192.168.2.17	1.1.1.1	0x8c60	Standard query (0)	image2.pubmatic.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:29.187017918 CET	192.168.2.17	1.1.1.1	0x6259	Standard query (0)	image2.pubmatic.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:30.197552919 CET	192.168.2.17	1.1.1.1	0xbe3a	Standard query (0)	sync.search.spotxchange.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:30.198175907 CET	192.168.2.17	1.1.1.1	0xa1a3	Standard query (0)	sync.search.spotxchange.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:30.318298101 CET	192.168.2.17	1.1.1.1	0x682e	Standard query (0)	sync.search.spotxchange.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:31.186836004 CET	192.168.2.17	1.1.1.1	0xf83e	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:31.187004089 CET	192.168.2.17	1.1.1.1	0xfc70	Standard query (0)	www.facebook.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:31.760729074 CET	192.168.2.17	1.1.1.1	0xc476	Standard query (0)	trc.taboola.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:31.760833025 CET	192.168.2.17	1.1.1.1	0x6c28	Standard query (0)	trc.taboola.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:32.767218113 CET	192.168.2.17	1.1.1.1	0x7867	Standard query (0)	sync.srv.stackadapt.com	A (IP address)	IN (0x0001)	false
Jan 30, 2024 18:52:32.767560005 CET	192.168.2.17	1.1.1.1	0x8833	Standard query (0)	sync.srv.stackadapt.com	65	IN (0x0001)	false
Jan 30, 2024 18:52:43.847326994 CET	192.168.2.17	1.1.1.1	0x4e95	Standard query (0)	sync.search.spotxchange.com	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:27 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NvNedGrehGN2W1y&MD=3Z8G6gZk HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-01-30 17:51:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 36775c40-17f1-4926-ae77-7b602e70b73d MS-RequestId: 745d2ac7-b43d-4637-870a-a795fc5d0cfc MS-CV: qvXmCt4cr0y7e+ov.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 30 Jan 2024 17:51:27 GMT Connection: close Content-Length: 24490
2024-01-30 17:51:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-01-30 17:51:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:28 UTC	2197	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A41090080B6 X-BM-CBT: 1696586925 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: AC9A64CD89F84E63943FA8FE73357759 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A41090080B6 X-MSEdge-ExternalExp: asynccls1cf,bfbwsbcm0921tf,d-thshld42,fliptrat6,msaslm5t,qfswpos_t1,wsbref-t,wsbuacf X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 951 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=1DC02F3E55E9691B00B73C9C54F0686B&CPID=1696586926722&AC=1&CPH=4790f32e; _EDGE_S=SID=1DC02F3E55E9691B00B73C9C54F0686B; SRCHUID=V=2&GUID=1F8137B2323E40B3851AF1909FBE6E0A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1696586886&IPMH=f2fb8120&IPMID=1696586925774&LUT=1696586525257; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
2024-01-30 17:51:28 UTC	951	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 34 35 39 30 33 36 32 42 42 35 43 46 34 37 32 42 39 35 42 42 45 44 42 33 31 31 32 44 34 42 37 42 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 33 41 36 34 37 39 34 36 41 30 33 38 34 36 31 30 41 38 35 45 38 39 38 38 32 41 35 30 34 43 45 35 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 Data Ascii: <ClientInstRequest><CID>4590362BB5CF472B95BBEDB3112D4B7B</CID><Events><E><T>Event.ClientInst</T><IG>3A647946A0384610A85E89882A504CE5</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"C
2024-01-30 17:51:28 UTC	479	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 38951FE0D0F5475DA72871158C9D0799 Ref B: LAX311000112035 Ref C: 2024-01-30T17:51:28Z Date: Tue, 30 Jan 2024 17:51:28 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.3aa6dc17.1706637088.b86bc0a

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:34 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
2024-01-30 17:51:34 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-01-30 17:51:34 UTC	1799	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 30 Jan 2024 17:51:34 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-WzHS3QtxGrexjCFwFc2kVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw15BiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQFiIR6OZe-erGUT6Nj1-gMjALrYGDA" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-30 17:51:34 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-01-30 17:51:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:34 UTC	824	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
2024-01-30 17:51:34 UTC	1703	IN	HTTP/1.1 200 OK Date: Tue, 30 Jan 2024 17:51:34 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-L_hGrK_7CmhFJd55GepMRQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-30 17:51:34 UTC	1703	IN	Data Raw: 66 33 62 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6a 6f 72 67 65 20 70 6f 6c 61 6e 63 6f 20 6d 69 6e 6e 65 73 6f 74 61 20 74 77 69 6e 73 22 2c 22 70 68 69 6c 69 70 73 20 63 70 61 70 20 6d 61 63 68 69 6e 65 73 22 2c 22 6d 65 74 61 7a 6f 6f 20 67 61 6d 65 73 20 73 68 75 74 73 20 64 6f 77 6e 22 2c 22 73 65 61 73 6f 6e 20 39 20 6f 76 65 72 77 61 74 63 68 20 70 61 74 63 68 20 6e 6f 74 65 73 22 2c 22 74 65 6b 6b 65 6e 20 38 20 74 69 65 72 20 6c 69 73 74 22 2c 22 6a 65 66 66 20 67 6f 6f 64 6d 61 6e 20 63 6f 6c 6c 65 67 65 20 62 61 73 6b 65 74 62 61 6c 6c 22 2c 22 72 6f 79 61 6c 20 63 61 72 69 62 62 65 61 6e 20 6c 61 72 67 65 73 74 20 63 72 75 69 73 65 20 73 68 69 70 22 2c 22 69 70 68 6f 6e 65 20 6e 65 77 20 65 6d 6f 6a 69 73 20 32 30 32 34 22 5d 2c 5b 22 22 2c 22 Data Ascii: f3b)]}'["",["jorge polanco minnesota twins","philips cpap machines","metazoo games shuts down","season 9 overwatch patch notes","tekken 8 tier list","jeff goodman college basketball","royal caribbean largest cruise ship","iphone new emojis 2024"],["","
2024-01-30 17:51:34 UTC	1703	IN	Data Raw: 30 4f 44 51 34 65 6b 59 33 52 31 49 33 63 33 70 44 4b 32 35 54 52 57 39 43 4f 45 5a 47 56 55 46 75 62 6d 35 6b 61 6c 42 50 5a 6b 4a 49 59 58 55 30 57 6b 4d 34 59 33 51 30 65 57 55 35 54 45 6c 53 62 58 4e 61 59 58 56 35 56 6d 49 78 52 6c 52 6b 53 55 4a 50 63 47 52 68 61 6b 5a 7a 63 6b 64 33 63 32 35 58 56 32 46 6a 63 56 46 49 57 57 4e 78 61 57 6f 72 65 47 74 75 4d 45 68 31 53 33 52 70 54 7a 52 6c 53 6d 64 31 55 33 6b 72 61 48 4a 72 4d 43 39 55 59 6c 42 55 56 57 56 51 56 48 4a 68 54 30 4e 4c 56 31 59 31 63 45 46 70 5a 32 4a 75 59 6e 56 6d 64 6a 4a 79 62 32 52 6b 64 6c 42 32 55 30 56 4a 64 31 64 4a 56 31 64 54 62 54 6c 5a 4e 46 4a 55 53 6b 77 72 62 6e 59 32 52 32 78 4c 59 6d 67 34 63 56 5a 45 4e 58 70 36 56 47 70 53 62 33 46 6d 4c 7a 6c 72 50 54 6f 64 61 6d Data Ascii: 0ODQ4ekY3R1I3c3pDK25TRW9COEZGVUFubm5kalBPZkJIYXU0WkM4Y3Q0eWU5TElSbXNaYXV5VmIxRlRkSUJPcGRhakZzckd3c25XV2FjcVFIWWNxaWoreGtuMEh1S3RpTzRlSmd1U3kraHJrMC9UYlBUVWVQVHJhT0NLV1Y1cEFpZ2JuYnVmdjJyb2RkdlB2U0VJd1dJV1dTbTlZNFJUSkwrbnY2R2xLYmg4cVZENXp6VGpSb3FmLzlrPTodam
2024-01-30 17:51:34 UTC	500	IN	Data Raw: 48 42 5a 55 33 42 33 62 6c 70 4c 56 57 70 4b 54 6b 39 46 52 32 4d 78 53 56 63 33 52 56 55 32 4d 54 67 76 52 6c 4e 71 4e 58 52 73 51 7a 6c 53 59 56 56 77 54 31 46 45 57 45 35 6b 5a 58 4e 36 64 48 51 77 61 31 4e 47 56 6e 46 56 54 54 46 30 54 6b 4e 76 59 6c 5a 56 55 57 74 6e 56 6d 74 56 53 57 39 6f 64 6c 68 45 55 6d 68 53 55 32 68 4c 62 48 4a 56 52 58 42 54 54 58 46 56 56 47 64 42 5a 55 70 77 53 33 5a 46 64 55 4a 6b 53 6d 4a 46 63 55 78 4c 61 46 42 53 57 48 5a 77 55 53 74 59 55 55 56 42 61 46 64 6e 61 32 73 35 54 57 70 5a 4f 47 6f 77 63 45 59 72 53 79 39 48 56 58 55 31 57 45 64 55 57 57 39 54 61 57 6b 7a 65 47 35 54 4d 6a 5a 46 53 47 56 54 4e 45 52 6e 5a 79 39 5a 53 7a 4a 34 4d 58 68 72 4f 55 31 4f 5a 6b 52 47 63 6d 67 79 61 56 42 44 57 57 78 79 55 30 63 30 Data Ascii: HBZU3B3blpLVWpKTk9FR2MxSVc3RVU2MTgvRlNqNXRsQzlSYVVwT1FEWE5kZXN6dHQwa1NGVnFVTTF0TkNvYlZVUWtnVmtVSW9odlhEUmhSU2hLbHJVRXBTTXFVVGdBZUpwS3ZFdUJkSmJFcUxLaFBSWHZwUStYUUVBaFdna2s5TWpZOGowcEYrSy9HVXU1WEdUWW9TaWkzeG5TMjZFSGVTNERnZy9ZSzJ4MXhrOU1OZkRGcmgyaVBDWWxyU0c0
2024-01-30 17:51:34 UTC	886	IN	Data Raw: 33 36 66 0d 0a 49 63 6c 52 7a 56 6b 4a 54 51 58 42 44 5a 33 42 4c 61 47 74 47 53 6e 6c 44 55 45 56 57 4f 48 46 43 63 32 52 53 65 58 41 34 4b 30 5a 51 52 6b 31 70 4d 31 68 31 55 46 70 77 52 48 6c 71 59 6e 42 68 64 58 70 52 4d 6e 4d 33 54 58 56 49 64 57 78 51 5a 30 4e 6b 63 32 4e 7a 62 6b 35 47 52 31 4d 35 61 46 4a 76 4e 57 6c 6e 52 6b 4d 72 4b 32 31 4f 53 47 52 72 54 44 64 79 55 30 5a 4d 56 6a 56 42 57 6e 4a 4a 53 48 6f 31 59 54 64 6a 59 6d 34 34 55 56 5a 7a 61 32 46 74 4d 6e 42 71 65 6a 64 34 4e 6b 4a 4c 52 6d 73 31 4c 30 39 51 65 55 74 75 4f 47 51 7a 64 44 56 73 4b 31 4a 42 59 55 39 75 4e 57 68 32 52 48 42 49 55 6b 70 56 52 48 41 35 5a 45 39 51 53 57 74 6b 59 54 4d 76 52 47 56 54 4d 6a 49 78 5a 58 42 55 65 57 64 49 4d 30 4d 79 52 6e 45 34 52 54 52 56 62 Data Ascii: 36fIclRzVkJTQXBDZ3BLaGtGSnlDUEVWOHFCc2RSeXA4K0ZQRk1pM1h1UFpwRHlqYnBhdXpRMnM3TXVIdWxQZ0Nkc2Nzbk5GR1M5aFJvNWlnRkMrK21OSGRrTDdyU0ZMVjVBWnJJSHo1YTdjYm44UVZza2FtMnBqejd4NkJLRms1L09QeUtuOGQzdDVsK1JBYU9uNWh2RHBIUkpVRHA5ZE9QSWtkYTMvRGVTMjIxZXBUeWdIM0MyRnE4RTRVb
2024-01-30 17:51:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:34 UTC	727	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
2024-01-30 17:51:34 UTC	1479	IN	HTTP/1.1 200 OK Version: 602283465 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Date: Tue, 30 Jan 2024 17:51:34 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-30 17:51:34 UTC	1479	IN	Data Raw: 32 30 64 30 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4f 61 20 67 62 5f 66 62 20 67 62 5f 54 64 20 67 62 5f 6d 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 20d0)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Oa gb_fb gb_Td gb_md\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-01-30 17:51:34 UTC	1479	IN	Data Raw: 30 33 64 5c 22 67 62 5f 46 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 38 64 20 67 62 5f 48 63 20 67 62 5f 36 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4c 63 20 67 62 5f 35 64 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c Data Ascii: 03d\"gb_Fc\"\u003e\u003ca class\u003d\"gb_8d gb_Hc gb_6d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Lc gb_5d\" aria-hidden\u003d\"true\" role\u003d\"presentation\"\u003e\u003c\/span\u003e\u003c\/a\u003e\u003c\
2024-01-30 17:51:34 UTC	1479	IN	Data Raw: 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 53 65 61 72 63 68 20 4c 61 62 73 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 68 74 74 70 73 3a 2f 2f 6c 61 62 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 65 61 72 63 68 3f 73 6f 75 72 63 65 5c 75 30 30 33 64 6e 74 70 5c 22 20 74 61 72 67 65 74 5c 75 30 30 33 64 5c 22 5f 74 6f 70 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 67 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 Data Ascii: aria-label\u003d\"Search Labs\" href\u003d\"https://labs.google.com/search?source\u003dntp\" target\u003d\"_top\" role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_g\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0
2024-01-30 17:51:34 UTC	1479	IN	Data Raw: 33 63 5c 2f 61 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 20 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 6b 20 67 62 5f 76 20 67 62 5f 49 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 66 62 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 61 6c 74 5c 75 30 30 33 64 5c 22 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 77 61 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 66 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 20 61 70 70 73 5c 22 Data Ascii: 3c\/a\u003e \u003c\/div\u003e \u003c\/div\u003e \u003cdiv class\u003d\"gb_k gb_v gb_I\" data-ogsr-fb\u003d\"true\" data-ogsr-alt\u003d\"\" id\u003d\"gbwa\"\u003e\u003cdiv class\u003d\"gb_f\"\u003e\u003ca class\u003d\"gb_d\" aria-label\u003d\"Google apps\"
2024-01-30 17:51:34 UTC	1479	IN	Data Raw: 72 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 55 63 20 67 62 5f 53 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 34 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 38 64 20 67 62 5f 48 63 20 67 62 5f 36 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 Data Ascii: r\u003e\u003cdiv class\u003d\"gb_Uc gb_Sc\"\u003e\u003cdiv class\u003d\"gb_4c\"\u003e\u003cdiv class\u003d\"gb_Ec\"\u003e\u003cdiv class\u003d\"gb_Fc\"\u003e\u003ca class\u003d\"gb_8d gb_Hc gb_6d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u0
2024-01-30 17:51:34 UTC	1013	IN	Data Raw: 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 43 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 72 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e 41 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 5f 2e 71 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e Data Ascii: ataset.eqid\u003de;a.C[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"r`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\n_.Ad\u003dfunction(){if(!_.q.addEventListen
2024-01-30 17:51:34 UTC	318	IN	Data Raw: 31 33 37 0d 0a 3b 74 72 79 7b 62 5c 75 30 30 33 64 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 61 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 45 64 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 45 64 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 45 64 7d 29 7d 63 61 74 63 68 28 64 29 7b 5f 2e 71 2e 63 6f 6e 73 6f 6c 65 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 71 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 64 2e 6d 65 73 73 61 67 65 29 7d 72 65 74 75 72 6e 20 62 7d 3b 5f 2e 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 30 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 7d 3b 5f 2e 48 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 41 72 72 Data Ascii: 137;try{b\u003dc.createPolicy(a,{createHTML:Ed,createScript:Ed,createScriptURL:Ed})}catch(d){_.q.console\u0026\u0026_.q.console.error(d.message)}return b};_.Gd\u003dfunction(a,b){return 0\u003d\u003da.lastIndexOf(b,0)};_.Hd\u003dfunction(a,b){return Arr
2024-01-30 17:51:34 UTC	1252	IN	Data Raw: 38 30 30 30 0d 0a 6e 76 61 73 28 30 2c 30 29 29 2e 67 65 74 43 6f 6e 74 65 78 74 28 5c 22 32 64 5c 22 29 7d 63 61 74 63 68 28 61 29 7b 7d 3b 76 61 72 20 49 64 3b 5f 2e 4a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 6f 69 64 20 30 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 49 64 5c 75 30 30 32 36 5c 75 30 30 32 36 28 49 64 5c 75 30 30 33 64 5f 2e 46 64 28 5c 22 6f 67 62 2d 71 74 6d 23 68 74 6d 6c 5c 22 29 29 3b 72 65 74 75 72 6e 20 49 64 7d 3b 76 61 72 20 4d 64 2c 4f 64 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2e 74 6f 53 74 72 69 6e 67 28 29 7d 7d 3b 5f 2e 4c 64 5c Data Ascii: 8000nvas(0,0)).getContext(\"2d\")}catch(a){};var Id;_.Jd\u003dfunction(){void 0\u003d\u003d\u003dId\u0026\u0026(Id\u003d_.Fd(\"ogb-qtm#html\"));return Id};var Md,Od;_.Kd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i.toString()}};_.Ld\
2024-01-30 17:51:34 UTC	1252	IN	Data Raw: 65 48 74 6d 6c 5c 22 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 4a 64 28 29 3b 61 5c 75 30 30 33 64 62 3f 62 2e 63 72 65 61 74 65 48 54 4d 4c 28 61 29 3a 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 59 64 28 61 2c 58 64 29 7d 3b 5f 2e 59 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2e 74 6f 53 74 72 69 6e 67 28 29 7d 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 6e 65 77 20 5f 2e 59 64 28 5f 2e 71 2e 74 72 75 73 74 65 64 54 79 70 65 73 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 71 2e 74 72 75 73 74 65 64 54 79 70 65 73 2e 65 6d 70 74 79 48 54 Data Ascii: eHtml\"};_.$d\u003dfunction(a){const b\u003d_.Jd();a\u003db?b.createHTML(a):a;return new _.Yd(a,Xd)};_.Yd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i.toString()}};_.ae\u003dnew _.Yd(_.q.trustedTypes\u0026\u0026_.q.trustedTypes.emptyHT
2024-01-30 17:51:34 UTC	1252	IN	Data Raw: 2e 6d 2e 66 6c 6f 6f 72 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 77 69 64 74 68 5c 75 30 30 33 64 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 68 69 73 2e 77 69 64 74 68 29 3b 74 68 69 73 2e 68 65 69 67 68 74 5c 75 30 30 33 64 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 68 69 73 2e 68 65 69 67 68 74 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5f 2e 6d 2e 72 6f 75 6e 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 77 69 64 74 68 5c 75 30 30 33 64 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69 73 2e 77 69 64 74 68 29 3b 74 68 69 73 2e 68 65 69 67 68 74 5c 75 30 30 33 64 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69 73 2e 68 65 69 67 68 74 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5f 2e 52 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 Data Ascii: .m.floor\u003dfunction(){this.width\u003dMath.floor(this.width);this.height\u003dMath.floor(this.height);return this};_.m.round\u003dfunction(){this.width\u003dMath.round(this.width);this.height\u003dMath.round(this.height);return this};_.R\u003dfunction(

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:34 UTC	542	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
2024-01-30 17:51:34 UTC	1434	IN	HTTP/1.1 200 OK Version: 602283465 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Date: Tue, 30 Jan 2024 17:51:34 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-30 17:51:34 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-01-30 17:51:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:34 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.149&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.149 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-30 17:51:34 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-m4L6zt0i4oDRr4bFARJP2Q' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 30 Jan 2024 17:51:34 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6238 X-Daystart: 35494 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-30 17:51:34 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 33 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 35 34 39 34 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6238" elapsed_seconds="35494"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-01-30 17:51:34 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-01-30 17:51:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:36 UTC	848	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=direc&oit=1&cp=5&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
2024-01-30 17:51:36 UTC	1703	IN	HTTP/1.1 200 OK Date: Tue, 30 Jan 2024 17:51:36 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-TGenD1UqBpQxNkv7WWB8UA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-30 17:51:36 UTC	1048	IN	Data Raw: 34 31 31 0d 0a 29 5d 7d 27 0a 5b 22 64 69 72 65 63 22 2c 5b 22 64 69 72 65 63 74 69 6f 6e 73 22 2c 22 64 69 72 65 63 74 76 22 2c 22 64 69 72 65 63 74 69 6f 6e 73 20 61 74 6c 61 6e 74 61 22 2c 22 64 69 72 65 63 74 69 6f 6e 73 20 66 6f 72 65 73 74 20 70 61 72 6b 22 2c 22 64 69 72 65 63 74 76 20 73 74 72 65 61 6d 22 2c 22 64 69 72 65 63 74 69 6f 6e 73 20 67 6f 6f 67 6c 65 22 2c 22 64 69 72 65 63 74 20 6f 62 6a 65 63 74 22 2c 22 64 69 72 65 63 74 20 64 65 6d 6f 63 72 61 63 79 22 2c 22 64 69 72 65 63 74 76 20 6c 6f 67 69 6e 22 2c 22 64 69 72 65 63 74 69 6f 6e 73 20 67 6f 6f 67 6c 65 20 6d 61 70 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 Data Ascii: 411)]}'["direc",["directions","directv","directions atlanta","directions forest park","directv stream","directions google","direct object","direct democracy","directv login","directions google maps"],["","","","","","","","","",""],[],{"google:clientda
2024-01-30 17:51:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:36 UTC	922	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.GsbA68hXs80.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo899t-H8Lxb3OqzMDuPn6TV_i36ag/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
2024-01-30 17:51:36 UTC	914	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 121630 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 30 Jan 2024 17:24:55 GMT Expires: Wed, 29 Jan 2025 17:24:55 GMT Cache-Control: public, max-age=31536000 Last-Modified: Wed, 06 Dec 2023 17:20:24 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 1601 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-01-30 17:51:36 UTC	338	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 65 61 2c 66 61 2c 6e 61 2c 70 61 2c 73 61 2c 76 61 2c 77 61 2c 43 61 3b 5f 2e 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);var ea,fa,na,pa,sa,va,wa,Ca;_.da=function(a)
2024-01-30 17:51:36 UTC	1252	IN	Data Raw: 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 3b 66 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 6e 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b Data Ascii: r b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};fa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};na=function(a){a=[
2024-01-30 17:51:36 UTC	1252	IN	Data Raw: 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 5f 2e 6f 61 5b 62 5b 63 5d 5d 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 64 26 26 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 26 26 66 61 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 73 61 28 65 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 Data Ascii: 32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=_.oa[b[c]];"function"===typeof d&&"function"!=typeof d.prototype[a]&&fa(d.prototype,a,{configurable:!0,writable:!0,value:function(){return sa(ea(this))}})}return a});sa=function(a){a={next:a};a[Sy
2024-01-30 17:51:36 UTC	1252	IN	Data Raw: 3a 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 28 68 29 7d 29 7d 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 65 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 69 66 28 6e 75 6c 6c 3d 3d 74 68 69 73 2e 4c 66 29 7b 74 68 69 73 2e 4c 66 3d 5b 5d 3b 76 61 72 20 6b 3d 74 68 69 73 3b 74 68 69 73 2e 66 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6b 2e 62 37 28 29 7d 29 7d 74 68 69 73 2e 4c 66 2e 70 75 73 68 28 68 29 7d 3b 76 61 72 20 64 3d 5f 2e 6f 61 2e 73 65 74 54 69 6d 65 6f 75 74 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 66 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 64 28 68 2c 30 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 62 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e 4c 66 26 26 74 68 69 73 2e 4c Data Ascii: :new e(function(k){k(h)})}if(a)return a;b.prototype.eP=function(h){if(null==this.Lf){this.Lf=[];var k=this;this.fP(function(){k.b7()})}this.Lf.push(h)};var d=_.oa.setTimeout;b.prototype.fP=function(h){d(h,0)};b.prototype.b7=function(){for(;this.Lf&&this.L
2024-01-30 17:51:36 UTC	1252	IN	Data Raw: 22 2b 68 2b 22 60 22 2b 6b 2b 22 60 22 2b 74 68 69 73 2e 46 61 29 3b 74 68 69 73 2e 46 61 3d 68 3b 74 68 69 73 2e 7a 66 3d 6b 3b 32 3d 3d 3d 74 68 69 73 2e 46 61 26 26 74 68 69 73 2e 51 64 61 28 29 3b 74 68 69 73 2e 63 37 28 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 51 64 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 74 68 69 73 3b 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 68 2e 46 62 61 28 29 29 7b 76 61 72 20 6b 3d 5f 2e 6f 61 2e 63 6f 6e 73 6f 6c 65 3b 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 6b 26 26 6b 2e 65 72 72 6f 72 28 68 2e 7a 66 29 7d 7d 2c 0a 31 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 46 62 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 69 56 29 72 65 74 75 72 6e 21 31 3b 76 61 72 Data Ascii: "+h+"`"+k+"`"+this.Fa);this.Fa=h;this.zf=k;2===this.Fa&&this.Qda();this.c7()};e.prototype.Qda=function(){var h=this;d(function(){if(h.Fba()){var k=_.oa.console;"undefined"!==typeof k&&k.error(h.zf)}},1)};e.prototype.Fba=function(){if(this.iV)return!1;var
2024-01-30 17:51:36 UTC	1252	IN	Data Raw: 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 74 68 72 6f 77 20 45 72 72 6f 72 28 22 64 60 22 2b 6d 2e 46 61 29 3b 7d 7d 76 61 72 20 6d 3d 74 68 69 73 3b 6e 75 6c 6c 3d 3d 74 68 69 73 2e 63 73 3f 66 2e 65 50 28 6c 29 3a 74 68 69 73 2e 63 73 2e 70 75 73 68 28 6c 29 3b 74 68 69 73 2e 69 56 3d 21 30 7d 3b 65 2e 72 65 73 6f 6c 76 65 3d 63 3b 65 2e 72 65 6a 65 63 74 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6c 28 68 29 7d 29 7d 3b 65 2e 72 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 66 6f 72 28 76 61 72 20 6d 3d 5f 2e 74 61 28 68 29 2c 6e 3d 6d 2e 6e 65 78 74 28 29 3b 21 6e 2e 64 6f 6e 65 3b 6e 3d 6d 2e 6e Data Ascii: reak;default:throw Error("d`"+m.Fa);}}var m=this;null==this.cs?f.eP(l):this.cs.push(l);this.iV=!0};e.resolve=c;e.reject=function(h){return new e(function(k,l){l(h)})};e.race=function(h){return new e(function(k,l){for(var m=_.ta(h),n=m.next();!n.done;n=m.n
2024-01-30 17:51:36 UTC	1252	IN	Data Raw: 73 74 61 6e 63 65 6f 66 20 62 29 72 65 74 75 72 6e 20 6e 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6e 29 26 26 64 28 6e 29 3b 72 65 74 75 72 6e 20 6d 28 6e 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6d 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6e 3d 6e 65 77 20 61 28 5b 5b 6c 2c 32 5d 2c 5b 6d 2c 33 5d 5d 29 3b 69 66 28 32 21 3d 6e 2e 67 65 74 28 6c 29 7c 7c 33 21 3d 6e 2e 67 65 74 28 6d 29 29 72 65 74 75 72 6e 21 31 3b 6e 2e 64 65 6c 65 74 65 28 6c 29 3b 6e 2e 73 65 74 28 6d 2c 34 29 3b 72 65 74 75 72 6e 21 6e 2e 68 61 73 28 6c 29 26 26 34 3d 3d 6e 2e Data Ascii: stanceof b)return n;Object.isExtensible(n)&&d(n);return m(n)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var l=Object.seal({}),m=Object.seal({}),n=new a([[l,2],[m,3]]);if(2!=n.get(l)\|\|3!=n.get(m))return!1;n.delete(l);n.set(m,4);return!n.has(l)&&4==n.
2024-01-30 17:51:36 UTC	1252	IN	Data Raw: 65 7c 7c 34 21 3d 6e 2e 76 61 6c 75 65 5b 30 5d 2e 78 7c 7c 22 74 22 21 3d 6e 2e 76 61 6c 75 65 5b 31 5d 7c 7c 21 6d 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 3f 21 31 3a 21 30 7d 63 61 74 63 68 28 70 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 62 3d 6e 65 77 20 57 65 61 6b 4d 61 70 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 0a 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 6b 29 7b 6b 3d 5f 2e 74 61 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 Data Ascii: e\|\|4!=n.value[0].x\|\|"t"!=n.value[1]\|\|!m.next().done?!1:!0}catch(p){return!1}}())return a;var b=new WeakMap,c=function(k){this[0]={};this[1]=f();this.size=0;if(k){k=_.ta(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};c.prototype.set=func
2024-01-30 17:51:36 UTC	1252	IN	Data Raw: 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 76 61 72 20 6d 3d 6c 26 26 74 79 70 65 6f 66 20 6c 3b 22 6f 62 6a 65 63 74 22 3d 3d 6d 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 6d 3f 62 2e 68 61 73 28 6c 29 3f 6d 3d 62 2e 67 65 74 28 6c 29 3a 28 6d 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6c 2c 6d 29 29 3a 6d 3d 22 70 5f 22 2b 6c 3b 76 61 72 20 6e 3d 6b 5b 30 5d 5b 6d 5d 3b 69 66 28 6e 26 26 76 61 28 6b 5b 30 5d 2c 6d 29 29 66 6f 72 28 6b 3d 30 3b 6b 3c 6e 2e 6c 65 6e 67 74 68 3b 6b 2b 2b 29 7b 76 61 72 20 70 3d 6e 5b 6b 5d 3b 69 66 28 6c 21 3d 3d 6c 26 26 70 2e 6b 65 79 21 3d 3d 70 2e 6b 65 79 7c 7c 6c 3d 3d 3d 70 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 Data Ascii: =c.prototype.entries;var d=function(k,l){var m=l&&typeof l;"object"==m\|\|"function"==m?b.has(l)?m=b.get(l):(m=""+ ++h,b.set(l,m)):m="p_"+l;var n=k[0][m];if(n&&va(k[0],m))for(k=0;k<n.length;k++){var p=n[k];if(l!==l&&p.key!==p.key\|\|l===p.key)return{id:m,list
2024-01-30 17:51:36 UTC	1252	IN	Data Raw: 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4f 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 0a 70 61 28 22 53 65 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 61 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 74 61 28 5b 63 5d 29 29 3b Data Ascii: eys",function(a){return a?a:function(){return Oa(this,function(b){return b})}});pa("Set",function(a){if(function(){if(!a\|\|"function"!=typeof a\|\|!a.prototype.entries\|\|"function"!=typeof Object.seal)return!1;try{var c=Object.seal({x:4}),d=new a(_.ta([c]));

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:37 UTC	850	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=directx&oit=1&cp=7&pgcl=7&gs_rn=42&psi=w2jj9Ekh5vGktcI5&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
2024-01-30 17:51:37 UTC	1703	IN	HTTP/1.1 200 OK Date: Tue, 30 Jan 2024 17:51:37 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-kJoMgd7DIGFSoKPTXEzpVA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-30 17:51:37 UTC	636	IN	Data Raw: 32 37 35 0d 0a 29 5d 7d 27 0a 5b 22 64 69 72 65 63 74 78 22 2c 5b 22 64 69 72 65 63 74 78 22 2c 22 64 69 72 65 63 74 78 20 72 75 6e 74 69 6d 65 22 2c 22 64 69 72 65 63 74 78 20 31 31 22 2c 22 64 69 72 65 63 74 78 20 31 32 22 2c 22 64 69 72 65 63 74 78 20 64 6f 77 6e 6c 6f 61 64 22 2c 22 64 69 72 65 63 74 78 20 31 31 20 76 73 20 31 32 22 2c 22 64 69 72 65 63 74 78 20 72 75 6e 74 69 6d 65 20 64 6f 77 6e 6c 6f 61 64 22 2c 22 64 69 72 65 63 74 78 20 31 31 20 76 73 20 76 75 6c 6b 61 6e 22 2c 22 64 69 72 65 63 74 78 20 31 32 20 64 6f 77 6e 6c 6f 61 64 22 2c 22 64 69 72 65 63 74 78 20 75 70 64 61 74 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 Data Ascii: 275)]}'["directx",["directx","directx runtime","directx 11","directx 12","directx download","directx 11 vs 12","directx runtime download","directx 11 vs vulkan","directx 12 download","directx update"],["","","","","","","","","",""],[],{"google:clientd
2024-01-30 17:51:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Palworld.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Apr2007_xinput_x64[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Aug2005_d3dx9_27_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Aug2006_xinput_x64[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Aug2009_D3DCompiler_42_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Aug2009_d3dx9_42_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Jun2007_d3dx9_34_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Jun2008_d3dx9_38_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Jun2010_d3dcsx_43_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Nov2007_d3dx9_36_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Nov2008_d3dx9_40_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Oct2006_d3dx9_31_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\dxupdate[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Apr2006_d3dx9_30_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Apr2007_d3dx10_33_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Apr2007_xinput_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Aug2006_xinput_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Aug2007_d3dx10_35_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Aug2008_d3dx10_39_x86[1].cab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Aug2009_d3dcsx_42_x86[1].cab

Windows Analysis Report
Palworld.exe

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:39 UTC	1312	OUT	GET /search?q=directx+runtime&oq=directx&gs_lcrp=EgZjaHJvbWUqDQgBEAAYgwEYsQMYgAQyDwgAEEUYORiDARixAxiABDINCAEQABiDARixAxiABDINCAIQABiDARixAxiABDIKCAMQABixAxiABDIKCAQQABixAxiABDIHCAUQABiABDINCAYQABiDARixAxiABDIHCAcQABiABDINCAgQABiDARixAxiABDINCAkQABiDARixAxiABNIBCDQwNjFqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
2024-01-30 17:51:39 UTC	2282	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Tue, 30 Jan 2024 17:51:39 GMT Expires: -1 Cache-Control: private, max-age=0 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-GhlIM3-Vn8MZTzZdrVZ-yw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-01-30-17; expires=Thu, 29-Feb-2024 17:51:39 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; expires=Sun, 28-Jul-2024 17:51:39 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=s82NdxBaGSH8HxMBLOcwvQpPzv4y-mUgW_d9F7q5R75kTlIRPMncU7iV21f6MmTKzsbm9O89dDCBLJZZNbykzIqZ9LcgUs96i2BkApgz8PH3PiG1Fhzsjr2PRztNhbt9gnl94FekHS0ArONy3z7WCbcUNDAac--5IhXnjkI59xc; expires=Sat, 06-Apr-2024 09:46:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-30 17:51:39 UTC	2282	IN	Data Raw: 65 62 34 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 53 65 61 72 63 68 52 65 73 75 6c 74 73 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 41 6a 6f 43 71 38 5a 67 35 50 63 58 67 66 6c 2f 53 6f 54 69 6b 63 31 65 2f 64 7a 51 43 64 78 57 30 66 76 6f 38 46 78 6d 64 58 74 4d 70 54 48 46 53 50 54 68 44 73 7a 72 32 47 54 6e 34 61 44 4f 39 6e 2f 6c 70 6b 57 33 5a 76 2f 6a 73 Data Ascii: eb4<!doctype html><html itemscope="" itemtype="http://schema.org/SearchResultsPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="AjoCq8Zg5PcXgfl/SoTikc1e/dzQCdxW0fvo8FxmdXtMpTHFSPThDszr2GTn4aDO9n/lpkW3Zv/js
2024-01-30 17:51:39 UTC	1489	IN	Data Raw: 65 2e 73 79 3d 5b 5d 3b 67 6f 6f 67 6c 65 2e 78 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 29 76 61 72 20 63 3d 61 2e 69 64 3b 65 6c 73 65 7b 64 6f 20 63 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 77 68 69 6c 65 28 67 6f 6f 67 6c 65 2e 79 5b 63 5d 29 7d 67 6f 6f 67 6c 65 2e 79 5b 63 5d 3d 5b 61 2c 62 5d 3b 72 65 74 75 72 6e 21 31 7d 3b 67 6f 6f 67 6c 65 2e 73 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 73 79 2e 70 75 73 68 28 61 29 7d 3b 67 6f 6f 67 6c 65 2e 6c 6d 3d 5b 5d 3b 67 6f 6f 67 6c 65 2e 70 6c 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 6c 6d 2e 70 75 73 68 2e 61 70 70 6c 79 28 67 6f 6f 67 6c 65 2e 6c 6d 2c 61 29 7d 3b 67 6f 6f 67 6c 65 2e 6c 71 3d 5b 5d 3b 67 6f 6f 67 6c 65 2e 6c 6f 61 64 3d Data Ascii: e.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=
2024-01-30 17:51:39 UTC	116	IN	Data Raw: 36 65 0d 0a 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 69 66 28 22 68 69 64 64 65 6e 22 3d 3d 3d 64 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 7c 7c 22 47 2d 45 58 50 41 4e 44 41 42 4c 45 2d 43 4f 4e 54 45 4e 54 22 3d 3d 3d 64 2e 74 61 67 4e 61 6d 65 26 26 22 68 69 64 64 65 6e 22 3d 3d 3d 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 0d 0a Data Ascii: 6e.parentElement)if("hidden"===d.style.overflow\|\|"G-EXPANDABLE-CONTENT"===d.tagName&&"hidden"===getComputedStyle
2024-01-30 17:51:39 UTC	1252	IN	Data Raw: 38 30 30 30 0d 0a 28 64 29 2e 67 65 74 50 72 6f 70 65 72 74 79 56 61 6c 75 65 28 22 6f 76 65 72 66 6c 6f 77 22 29 29 7b 62 3d 64 3b 62 72 65 61 6b 20 61 7d 62 3d 6e 75 6c 6c 7d 69 66 28 21 62 29 72 65 74 75 72 6e 21 31 3b 61 3d 63 28 61 29 3b 63 3d 63 28 62 29 3b 72 65 74 75 72 6e 20 61 2e 62 6f 74 74 6f 6d 3c 63 2e 74 6f 70 7c 7c 61 2e 74 6f 70 3e 3d 63 2e 62 6f 74 74 6f 6d 7c 7c 61 2e 72 69 67 68 74 3c 63 2e 6c 65 66 74 7c 7c 61 2e 6c 65 66 74 3e 3d 63 2e 72 69 67 68 74 7d 0a 66 75 6e 63 74 69 6f 6e 20 62 61 28 61 29 7b 72 65 74 75 72 6e 22 6e 6f 6e 65 22 3d 3d 3d 61 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3f 21 30 3a 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 26 26 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 2e 67 65 Data Ascii: 8000(d).getPropertyValue("overflow")){b=d;break a}b=null}if(!b)return!1;a=c(a);c=c(b);return a.bottom<c.top\|\|a.top>=c.bottom\|\|a.right<c.left\|\|a.left>=c.right}function ba(a){return"none"===a.style.display?!0:document.defaultView&&document.defaultView.ge
2024-01-30 17:51:39 UTC	1252	IN	Data Raw: 68 45 76 65 6e 74 28 22 6f 6e 22 2b 62 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 42 28 61 2c 62 2c 63 2c 64 29 7b 22 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 22 69 6e 20 61 3f 61 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 64 7c 7c 21 31 29 3a 61 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 61 2e 64 65 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 22 2b 62 2c 63 29 7d 3b 76 61 72 20 6b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 67 3d 61 3b 74 68 69 73 2e 6c 3d 5b 5d 3b 74 68 69 73 2e 43 3d 74 68 69 73 2e 67 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 61 66 74 22 29 3b 74 68 69 73 2e 69 3d 21 21 74 68 69 73 2e 67 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 64 65 66 65 72 72 65 64 Data Ascii: hEvent("on"+b,c)}function B(a,b,c,d){"addEventListener"in a?a.removeEventListener(b,c,d\|\|!1):a.attachEvent&&a.detachEvent("on"+b,c)};var ka=function(a){this.g=a;this.l=[];this.C=this.g.hasAttribute("data-noaft");this.i=!!this.g.getAttribute("data-deferred
2024-01-30 17:51:39 UTC	1252	IN	Data Raw: 72 63 20 62 73 72 63 20 75 72 6c 20 6c 6c 20 69 6d 61 67 65 20 69 6d 67 2d 75 72 6c 20 6c 69 6f 69 22 2e 73 70 6c 69 74 28 22 20 22 29 3b 66 75 6e 63 74 69 6f 6e 20 46 28 61 29 7b 66 6f 72 28 3b 61 3b 61 3d 61 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 69 66 28 22 47 2d 53 43 52 4f 4c 4c 49 4e 47 2d 43 41 52 4f 55 53 45 4c 22 3d 3d 3d 61 2e 74 61 67 4e 61 6d 65 29 72 65 74 75 72 6e 20 61 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 67 6f 6f 67 6c 65 2e 63 2e 69 69 6d 3d 67 6f 6f 67 6c 65 2e 63 2e 69 69 6d 7c 7c 7b 7d 3b 76 61 72 20 47 3d 67 6f 6f 67 6c 65 2e 63 2e 69 69 6d 2c 6c 61 3d 30 3b 66 75 6e 63 74 69 6f 6e 20 48 28 61 29 7b 76 61 72 20 62 3d 53 74 72 69 6e 67 28 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 63 73 69 69 64 22 29 7c 7c Data Ascii: rc bsrc url ll image img-url lioi".split(" ");function F(a){for(;a;a=a.parentElement)if("G-SCROLLING-CAROUSEL"===a.tagName)return a;return null}google.c.iim=google.c.iim\|\|{};var G=google.c.iim,la=0;function H(a){var b=String(a.getAttribute("data-csiid")\|\|
2024-01-30 17:51:39 UTC	1252	IN	Data Raw: 44 61 74 65 2e 6e 6f 77 28 29 29 29 7d 3b 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 28 22 6c 6f 61 64 22 29 3b 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 22 68 73 74 22 29 3b 76 61 72 20 4a 3d 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 3b 69 66 28 21 67 6f 6f 67 6c 65 2e 73 74 76 73 63 29 61 3a 7b 76 61 72 20 4b 3d 4a 2e 74 3b 69 66 28 71 29 7b 76 61 72 20 4c 3d 71 2e 74 69 6d 69 6e 67 3b 69 66 28 4c 29 7b 76 61 72 20 4d 3d 4c 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 2c 4e 3d 4c 2e 72 65 73 70 6f 6e 73 65 53 74 61 72 74 3b 69 66 28 4e 3e 4d 26 26 4e 3c 3d 4b 2e 73 74 61 72 74 29 7b 4b 2e 73 74 61 72 74 3d 4e 3b 4a 2e 77 73 72 74 3d 4e 2d 4d 3b 62 72 65 61 6b 20 61 7d 7d 71 2e 6e 6f 77 26 26 28 4a 2e 77 73 72 74 3d 4d Data Ascii: Date.now()))};google.startTick("load");google.tick("load","hst");var J=google.timers.load;if(!google.stvsc)a:{var K=J.t;if(q){var L=q.timing;if(L){var M=L.navigationStart,N=L.responseStart;if(N>M&&N<=K.start){K.start=N;J.wsrt=N-M;break a}}q.now&&(J.wsrt=M
2024-01-30 17:51:39 UTC	1252	IN	Data Raw: 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 61 66 74 71 26 26 28 67 6f 6f 67 6c 65 2e 61 66 74 71 3d 67 6f 6f 67 6c 65 2e 61 66 74 71 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 61 21 3d 3d 63 7d 29 2c 4f 28 61 29 29 7d 2c 62 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 50 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 61 76 69 67 61 74 69 6f 6e 26 26 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 61 76 69 67 61 74 69 6f 6e 2e 74 79 70 65 7d 3b 76 61 72 20 71 61 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2c 72 61 3d 22 61 66 74 20 61 66 74 69 20 61 66 74 72 20 61 66 74 73 20 63 62 73 20 63 Data Ascii: t(function(){google.aftq&&(google.aftq=google.aftq.filter(function(c){return a!==c}),O(a))},b))};function P(){return window.performance&&window.performance.navigation&&window.performance.navigation.type};var qa=window.location,ra="aft afti aftr afts cbs c
2024-01-30 17:51:39 UTC	1252	IN	Data Raw: 61 63 6f 6e 28 63 2c 22 22 29 3a 67 6f 6f 67 6c 65 2e 6c 6f 67 28 22 22 2c 22 22 2c 63 29 7d 7d 3b 66 75 6e 63 74 69 6f 6e 20 74 61 28 61 29 7b 61 26 26 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 22 63 62 73 22 2c 61 29 3b 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 22 63 62 74 22 29 3b 73 61 28 22 63 61 70 22 29 7d 3b 76 61 72 20 75 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 53 3b 61 2e 68 2d 2d 3b 21 61 2e 68 26 26 61 2e 67 26 26 28 61 2e 67 28 29 2c 61 2e 67 3d 6e 75 6c 6c 29 7d 2c 76 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 53 3b 62 2e 67 3d 61 3b 21 62 2e 68 26 26 62 2e 67 26 26 28 62 2e 67 28 29 2c 62 2e 67 3d 6e 75 6c 6c 29 7d 2c 53 3d 6e 65 77 20 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 Data Ascii: acon(c,""):google.log("","",c)}};function ta(a){a&&google.tick("load","cbs",a);google.tick("load","cbt");sa("cap")};var ua=function(){var a=S;a.h--;!a.h&&a.g&&(a.g(),a.g=null)},va=function(a){var b=S;b.g=a;!b.h&&b.g&&(b.g(),b.g=null)},S=new function(){thi
2024-01-30 17:51:39 UTC	1252	IN	Data Raw: 21 30 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 78 28 22 69 6d 61 22 2c 6b 29 3b 78 28 22 69 6d 61 64 22 2c 68 29 3b 78 28 22 69 6d 61 63 22 2c 6d 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 22 49 62 37 45 66 63 22 29 2e 6c 65 6e 67 74 68 26 26 78 28 22 64 64 6c 22 2c 31 29 3b 78 28 22 77 68 22 2c 63 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 6c 26 26 77 28 22 61 66 74 69 22 2c 6c 29 3b 30 3c 56 26 26 77 28 22 61 66 74 73 22 2c 57 29 3b 58 26 26 77 28 22 61 66 74 72 22 2c 58 29 3b 76 61 72 20 7a 3d 57 2c 51 3d 56 3b 69 66 28 58 3e 7a 7c 7c 68 61 26 26 63 26 26 56 3c 63 26 26 59 3e 3d 63 29 7a 3d 58 2c 51 3d 59 3b 6c 26 26 28 21 6a 61 7c 7c 6c 3e 7a 7c 7c 67 26 26 28 21 58 7c 7c 30 3e 56 29 7c 7c 69 Data Ascii: !0},function(){x("ima",k);x("imad",h);x("imac",m);document.getElementsByClassName("Ib7Efc").length&&x("ddl",1);x("wh",c)},function(l){l&&w("afti",l);0<V&&w("afts",W);X&&w("aftr",X);var z=W,Q=V;if(X>z\|\|ha&&c&&V<c&&Y>=c)z=X,Q=Y;l&&(!ja\|\|l>z\|\|g&&(!X\|\|0>V)\|\|i

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:40 UTC	1364	OUT	GET /images/branding/googlelogo/2x/googlelogo_color_92x30dp.png HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.149" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=s82NdxBaGSH8HxMBLOcwvQpPzv4y-mUgW_d9F7q5R75kTlIRPMncU7iV21f6MmTKzsbm9O89dDCBLJZZNbykzIqZ9LcgUs96i2BkApgz8PH3PiG1Fhzsjr2PRztNhbt9gnl94FekHS0ArONy3z7WCbcUNDAac--5IhXnjkI59xc
2024-01-30 17:51:40 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 3831 Date: Tue, 30 Jan 2024 17:51:40 GMT Expires: Tue, 30 Jan 2024 17:51:40 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-01-30 17:51:40 UTC	581	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b8 00 00 00 3c 08 06 00 00 00 d5 12 70 09 00 00 0e be 49 44 41 54 78 da ed 5d 09 90 5c 45 19 6e c8 ce 12 6e 0f 50 b9 44 c5 60 08 72 ed 9b 37 1b 63 70 e6 bd 99 4d 62 8c 58 10 97 43 94 33 22 77 04 14 8a a3 18 6b 67 66 97 70 68 45 0e 21 87 05 94 1c 15 44 10 39 c2 1e e1 50 82 10 08 58 24 24 20 16 05 45 92 9d 9d cd f5 de cc 5e 09 3b fe 9f ec 66 37 bb db fd ee 99 1d ab bf aa ae 0c ec 9b d7 35 dd df fb fb ef ef ff ff 7e cc 0f 44 93 c5 aa 58 63 a1 56 4f e7 af d3 33 f9 87 b5 b4 b1 3a 96 c9 67 63 19 a3 40 ff 5d d4 53 46 1f fd 9b d3 d3 c6 db 5a 3a ff 18 7d be 41 cf 18 27 2b f7 15 43 4c 42 62 bc 42 4f 17 22 b1 8c f9 07 3d 95 df 02 22 3b 6d 9f 7d cf bc 2f de 94 3f 89 49 48 8c 17 10 29 eb 88 a0 2f 81 a4 be b5 b4 Data Ascii: PNGIHDR<pIDATx]\EnnPD`r7cpMbXC3"wkgfphE!D9PX$$ E^;f75~DXcVO3:gc@]SFZ:}A'+CLBbBO"=";m}/?IH)/
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 03 8a 15 13 33 ce 24 24 2a 95 e0 90 05 05 9b ca 16 26 21 51 a9 04 47 b4 90 f2 b7 37 f3 08 1e 6f cc cf 62 15 8e 8e 44 ed a4 6c 5c bd 24 1b 0f 2f a6 d6 d6 ae 2b ab d0 f0 99 da 12 fc ad 23 ae 1e cd 02 42 4f 73 f5 a4 be e6 aa 4b 76 b4 4c 58 dc db 12 6a db d1 1a 5a 85 f6 bf cf cd 13 96 e0 6f 3d 2d d5 81 f5 9f b8 65 cb 81 94 de 7c 2a 05 ef 32 14 60 7b 88 56 e4 a7 90 9b 4f 72 ef ed 14 31 9e 3b 6d 41 6e ff 72 13 bc a8 28 a1 0e 4d fd 5e 56 57 af 6b d7 d5 a5 1d ba fa 24 cd cb 53 34 2f 0f 76 e8 e1 9b 69 be ea de 9f f5 cd bd 98 53 68 4d 05 85 ef 9e 18 1b 2b 35 5c 8e 01 cb c6 23 e7 80 c8 34 48 45 3b ad 3d ae be 49 03 7c 1e be eb b9 ff 37 58 68 67 4b e8 9c 01 32 17 ed 34 22 fb 9b bd ad a1 f3 f0 5d 9f 62 1a 35 b4 02 3f 4a 41 b9 5e 8b a0 5d 81 ae fd fd f4 8c 71 f0 67 df Data Ascii: 3$$&!QG7obDl\$/+#BOsKvLXjZo=-e\|2`{VOr1;mAnr(M^VWk$S4/viShM+5\#4HE;=I\|7XhgK24"]b5?JA^]qg
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 04 4f e5 57 70 1e ba cc 30 bf 6e 31 67 63 d9 6d 95 b7 60 19 88 d0 94 9d 3c 5d 7c 98 7a b2 98 43 c2 6e a8 24 ae 35 fd 17 d8 7e b4 02 ec e4 e9 e2 76 ca 0b e3 8d 5d df 71 4d f0 8c 71 9a af 04 d7 c2 f7 73 dc 93 f5 6c 18 e0 87 d3 9c 5e 0a 55 cb 01 a9 f3 a4 b0 dc db ae d7 1e cf 2d 17 43 88 96 6b c5 1b f3 b3 59 89 81 83 39 79 01 0b 2d 65 9e 35 8c e0 6d bc 1d 39 f3 08 0c b2 95 9f 87 64 29 5e 4e 09 f3 08 9e 74 48 c4 df d5 3f 1e 76 de 29 61 b3 16 f6 bb 7e c0 a2 4d dd 5f f3 91 e0 98 a7 15 a2 b1 dc a4 a9 c7 c2 70 d0 ff 33 ed 12 1b aa 16 11 fb 8a 2d 09 e5 40 66 05 1c a2 29 90 e5 56 94 21 7d 57 e3 17 3c 6f db e5 83 c2 57 e6 10 fc 59 cf 04 d7 d4 16 de 8e 7f f0 1a f8 ca 1c 0b ee b9 7f 22 72 0b c7 82 ef ea 1f 47 dd 71 dc b8 0e e6 01 90 87 fd 24 38 0c 0e 2f e7 87 88 fa a2 Data Ascii: OWp0n1gcm`<]\|zCn$5~v]qMqsl^U-CkY9y-e5m9d)^NtH?v)a~M_p3-@f)V!}W<oWY"rGq$8/
2024-01-30 17:51:40 UTC	746	IN	Data Raw: 90 35 7e c2 cf 39 c2 46 15 16 de e3 e9 48 5d 5f a5 1f f9 e7 60 09 6e 2c e7 6c 28 6d 93 3c a7 ab d7 0c 05 69 dc 37 f8 ee b9 78 f8 22 e6 00 20 39 11 f2 1a 4e 90 86 d3 44 be 7b e8 22 17 2a d8 6c 72 39 b6 79 5b 3d 8d e7 bd 13 5c bc 6f 1a ca 04 f5 d8 50 b5 a5 2b 3f f6 35 11 0a 09 58 3e 17 31 ac 83 bf ee 97 be be 29 56 53 8b 4a 1f 0f 56 fb d5 ac 16 39 81 b9 44 df 8a aa da a1 4a 1f 57 ed 55 0a e8 b8 ee 3f de d4 fd 0d 14 86 b8 a8 77 dd 46 51 cc 39 be 1f fc 23 0e a8 e5 3c b8 8e af 0d e5 7f fb 0c 44 d1 06 8a 12 72 2e 2d 45 0f de e2 86 37 b1 b9 7d cf 0f 20 54 46 12 ea e9 34 10 af 38 48 c1 7c 91 76 fa 3f 1a 52 2b dc 03 ca 08 45 24 4f df d1 1c 7a c5 01 b1 5f 24 29 d0 97 fe 61 2c a0 56 a1 24 d1 a6 d5 7e 90 88 7d d8 40 3e f8 25 63 5f 67 ae f4 fb e8 36 a4 bb e2 ec 41 52 Data Ascii: 5~9FH]_`n,l(m<i7x" 9ND{"*lr9y[=\oP+?5X>1)VSJV9DJWU?wFQ9#<Dr.-E7} TF48H\|v?R+E$Oz_$)a,V$~}@>%c_g6AR

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:40 UTC	1660	OUT	GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.149" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/search?q=directx+runtime&oq=directx&gs_lcrp=EgZjaHJvbWUqDQgBEAAYgwEYsQMYgAQyDwgAEEUYORiDARixAxiABDINCAEQABiDARixAxiABDINCAIQABiDARixAxiABDIKCAMQABixAxiABDIKCAQQABixAxiABDIHCAUQABiABDINCAYQABiDARixAxiABDIHCAcQABiABDINCAgQABiDARixAxiABDINCAkQABiDARixAxiABNIBCDQwNjFqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=s82NdxBaGSH8HxMBLOcwvQpPzv4y-mUgW_d9F7q5R75kTlIRPMncU7iV21f6MmTKzsbm9O89dDCBLJZZNbykzIqZ9LcgUs96i2BkApgz8PH3PiG1Fhzsjr2PRztNhbt9gnl94FekHS0ArONy3z7WCbcUNDAac--5IhXnjkI59xc
2024-01-30 17:51:40 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/webp Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 660 Date: Tue, 30 Jan 2024 17:51:40 GMT Expires: Tue, 30 Jan 2024 17:51:40 GMT Cache-Control: private, max-age=31536000 Last-Modified: Wed, 22 Apr 2020 22:00:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-01-30 17:51:40 UTC	581	IN	Data Raw: 52 49 46 46 8c 02 00 00 57 45 42 50 56 50 38 4c 80 02 00 00 2f 27 c0 1e 10 d5 48 76 b6 3d 6e 95 fb bf 0a bb 07 b8 51 ea d8 9f 99 61 e5 e8 28 52 76 0c 6f ab da 55 98 1c c6 fe ea 8a 99 6c 18 b6 6d 1b a6 ff 1f dc da f4 06 30 6c db 36 6c ae ed 66 da 0c b1 ed 09 a4 90 41 3f 42 08 43 98 41 19 94 c1 32 68 06 9d 41 67 30 84 10 0e e1 47 38 07 6e 23 29 52 ba 6a f1 78 a0 e6 be 50 9e 46 e5 ce 49 3b cc 4f 78 a1 e7 c7 cf f5 1c 37 2d f7 c8 cf 62 58 9e 2f eb c0 5d c5 88 96 af 33 cb b8 1c 54 80 ab 93 e1 a2 35 b7 ba 01 78 ee ac da f6 47 2e 43 09 aa 19 e0 b7 25 e2 75 03 8e 19 f9 14 75 2f 97 5f b4 3d f0 b2 94 98 bc 10 3c 21 71 06 5c 86 f8 07 39 02 f7 de b2 c2 15 5c f7 a6 1a 07 70 3a 14 bc 50 f8 34 1f 61 53 00 4e 29 9c 3e b0 3e 18 ae 22 06 db 83 39 99 e0 56 68 20 a7 aa d0 80 Data Ascii: RIFFWEBPVP8L/'Hv=nQa(RvoUlm0l6lfA?BCA2hAg0G8n#)RjxPFI;Ox7-bX/]3T5xG.C%uu/_=<!q\9\p:P4aSN)>>"9Vh
2024-01-30 17:51:40 UTC	79	IN	Data Raw: 67 d7 f6 25 ed f7 1a 3b 0c 5b 52 3e 4e 12 23 dc 57 c2 65 8f e2 40 71 07 08 1e 28 e6 10 c1 ef 5d 26 7f 02 0d 1d 96 e2 4b 99 03 b9 bf 9a ed c8 3f af 7c 07 7a 10 1e 28 df 11 e5 3a 26 6d 01 56 ce 43 e7 27 c6 9f c0 0f 44 5e e3 52 9e bb aa 00 Data Ascii: g%;[R>N#We@q(]&K?\|z(:&mVC'D^R

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:40 UTC	3675	OUT	GET /xjs/_/js/k=xjs.s.en_US.I0W95LBEUe0.O/am=ABAAABUIAAAAAAAAAAAAAABAAAAAgASCZsIhABsgAL5MAIAECAEQwAhYFAIkAAYABAGf_wQAAAAAACYgMACECyBF-B0EAACYgCqAdsAHAAAAEOwHiAEEHhAQAAAG8kMACoXoAIIABUAAAAAAeQCeB8BBCgsAAAAAAAAAAABAAAmCcED6CgIgAAAAAAAAAAAAAJBKEysPAwAE/d=1/ed=1/dg=2/br=1/rs=ACT90oEp1_FAvFBtywXdkASv2V22tHKmTQ/ee=AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;hLUtwc:KB8OKd;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.149" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=s82NdxBaGSH8HxMBLOcwvQpPzv4y-mUgW_d9F7q5R75kTlIRPMncU7iV21f6MmTKzsbm9O89dDCBLJZZNbykzIqZ9LcgUs96i2BkApgz8PH3PiG1Fhzsjr2PRztNhbt9gnl94FekHS0ArONy3z7WCbcUNDAac--5IhXnjkI59xc
2024-01-30 17:51:40 UTC	818	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 996634 Date: Tue, 30 Jan 2024 17:51:40 GMT Expires: Wed, 29 Jan 2025 17:51:40 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Tue, 30 Jan 2024 06:37:49 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-01-30 17:51:40 UTC	434	IN	Data Raw: 74 68 69 73 2e 5f 73 3d 74 68 69 73 2e 5f 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 20 2a 2f 0a 2f 2a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 Data Ascii: this._s=this._s\|\|{};(function(_){var window=this;try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0// SPDX-License-Identifier: Apache-2.0// SPDX-License-Identifier: Apache-2.0 // Copyright The Closure Lib
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 61 61 2c 77 61 61 2c 41 61 61 2c 79 61 61 2c 42 61 61 2c 44 61 61 2c 43 61 61 2c 45 61 61 2c 46 61 61 2c 47 61 61 2c 49 61 61 2c 4a 61 61 2c 4f 61 61 2c 24 61 61 2c 66 62 61 2c 71 62 61 2c 73 62 61 2c 77 62 61 2c 78 62 61 2c 43 62 61 2c 44 62 61 2c 47 62 61 2c 4b 62 61 2c 4d 62 61 2c 24 62 61 2c 63 63 61 2c 62 63 61 2c 65 63 61 2c 48 62 61 2c 65 62 2c 66 63 61 2c 67 63 61 2c 68 62 2c 69 63 61 2c 6c 63 61 2c 6d 63 61 2c 6e 63 61 2c 70 63 61 2c 74 63 61 2c 75 63 61 2c 76 63 61 2c 77 63 61 2c 79 63 61 2c 41 63 61 2c 44 63 61 2c 45 63 61 2c 47 63 61 2c 49 63 61 2c 4a 63 61 2c 4c 63 61 2c 50 63 61 2c 53 63 61 2c 55 63 61 2c 56 63 61 2c 63 64 61 2c 64 64 61 2c 65 64 61 2c 61 64 61 2c 66 64 61 2c 24 63 61 2c 67 64 61 2c 5a 63 61 2c 68 64 61 2c 69 64 61 2c 6f 64 Data Ascii: aa,waa,Aaa,yaa,Baa,Daa,Caa,Eaa,Faa,Gaa,Iaa,Jaa,Oaa,$aa,fba,qba,sba,wba,xba,Cba,Dba,Gba,Kba,Mba,$ba,cca,bca,eca,Hba,eb,fca,gca,hb,ica,lca,mca,nca,pca,tca,uca,vca,wca,yca,Aca,Dca,Eca,Gca,Ica,Jca,Lca,Pca,Sca,Uca,Vca,cda,dda,eda,ada,fda,$ca,gda,Zca,hda,ida,od
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 61 2c 61 72 61 2c 66 72 61 2c 69 72 61 2c 6b 72 61 2c 6c 72 61 2c 6f 72 61 2c 71 72 61 2c 72 72 61 2c 75 72 61 2c 73 67 2c 77 72 61 2c 79 72 61 2c 42 72 61 2c 43 72 61 2c 48 72 61 2c 4b 72 61 2c 4e 72 61 2c 4f 72 61 2c 50 72 61 2c 56 72 61 2c 61 73 61 2c 24 72 61 2c 64 73 61 2c 6c 73 61 2c 6e 73 61 2c 71 73 61 2c 73 73 61 2c 74 73 61 2c 76 73 61 2c 79 73 61 2c 77 73 61 2c 49 73 61 2c 54 73 61 2c 56 73 61 2c 57 73 61 2c 58 73 61 2c 49 67 2c 59 73 61 2c 24 73 61 2c 61 74 61 2c 62 74 61 2c 64 74 61 2c 68 74 61 2c 6a 74 61 2c 6b 74 61 2c 6d 74 61 2c 70 74 61 2c 6e 74 61 2c 6f 74 61 2c 71 74 61 2c 72 74 61 2c 0a 73 74 61 3b 5f 2e 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 45 72 72 6f 72 2e 63 61 70 74 75 72 65 53 74 61 63 6b 54 72 61 63 65 29 Data Ascii: a,ara,fra,ira,kra,lra,ora,qra,rra,ura,sg,wra,yra,Bra,Cra,Hra,Kra,Nra,Ora,Pra,Vra,asa,$ra,dsa,lsa,nsa,qsa,ssa,tsa,vsa,ysa,wsa,Isa,Tsa,Vsa,Wsa,Xsa,Ig,Ysa,$sa,ata,bta,dta,hta,jta,kta,mta,pta,nta,ota,qta,rta,sta;_.aa=function(a,b){if(Error.captureStackTrace)
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 74 68 3d 30 29 3b 72 65 74 75 72 6e 20 63 61 61 28 66 2c 65 29 7d 3b 5f 2e 68 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3b 64 3f 28 65 3d 65 61 61 29 7c 7c 28 65 3d 65 61 61 3d 6e 65 77 20 54 65 78 74 44 65 63 6f 64 65 72 28 22 75 74 66 2d 38 22 2c 7b 66 61 74 61 6c 3a 21 30 7d 29 29 3a 28 65 3d 66 61 61 29 7c 7c 28 65 3d 66 61 61 3d 6e 65 77 20 54 65 78 74 44 65 63 6f 64 65 72 28 22 75 74 66 2d 38 22 2c 7b 66 61 74 61 6c 3a 21 31 7d 29 29 3b 63 3d 62 2b 63 3b 61 3d 30 3d 3d 3d 62 26 26 63 3d 3d 3d 61 2e 6c 65 6e 67 74 68 3f 61 3a 61 2e 73 75 62 61 72 72 61 79 28 62 2c 63 29 3b 74 72 79 7b 72 65 74 75 72 6e 20 65 2e 64 65 63 6f 64 65 28 61 29 7d 63 61 74 63 68 28 66 29 7b 69 66 28 62 3d 64 29 7b 69 66 28 76 6f 69 64 20 Data Ascii: th=0);return caa(f,e)};_.haa=function(a,b,c,d){var e;d?(e=eaa)\|\|(e=eaa=new TextDecoder("utf-8",{fatal:!0})):(e=faa)\|\|(e=faa=new TextDecoder("utf-8",{fatal:!1}));c=b+c;a=0===b&&c===a.length?a:a.subarray(b,c);try{return e.decode(a)}catch(f){if(b=d){if(void
2024-01-30 17:51:40 UTC	79	IN	Data Raw: 6e 20 5f 2e 6d 61 61 3f 5f 2e 65 61 3f 5f 2e 65 61 2e 62 72 61 6e 64 73 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 28 62 3d 62 2e 62 72 61 6e 64 29 26 26 5f 2e 66 61 28 62 2c 61 29 7d 29 3a 21 31 3a 21 31 7d Data Ascii: n _.maa?_.ea?_.ea.brands.some(function(b){return(b=b.brand)&&_.fa(b,a)}):!1:!1}
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 3b 5f 2e 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 66 61 28 5f 2e 64 61 28 29 2c 61 29 7d 3b 0a 6f 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 28 2e 2a 3f 29 5c 5c 29 29 3f 22 2c 22 67 22 29 2c 63 3d 5b 5d 2c 64 3b 64 3d 62 2e 65 78 65 63 28 61 29 3b 29 63 2e 70 75 73 68 28 5b 64 5b 31 5d 2c 64 5b 32 5d 2c 64 5b 33 5d 7c 7c 76 6f 69 64 20 30 5d 29 3b 72 65 74 75 72 6e 20 63 7d 3b 70 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d 3d 61 26 26 61 7c 7c 5f 2e 6d 61 61 3f 21 21 5f 2e 65 61 26 26 30 3c 5f 2e 65 61 2e 62 72 61 6e 64 73 Data Ascii: ;_.ha=function(a){return _.fa(_.da(),a)};oaa=function(a){for(var b=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s(?:\\((.?)\\))?","g"),c=[],d;d=b.exec(a);)c.push([d[1],d[2],d[3]\|\|void 0]);return c};paa=function(a){return void 0!==a&&a\|\|_.maa?!!_.ea&&0<_.ea.brands
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 62 28 5b 22 43 68 72 6f 6d 65 22 2c 22 43 72 69 4f 53 22 2c 22 48 65 61 64 6c 65 73 73 43 68 72 6f 6d 65 22 5d 29 3a 28 61 3d 61 5b 32 5d 29 26 26 61 5b 31 5d 7c 7c 22 22 7d 3b 0a 43 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 62 26 26 62 5b 31 5d 29 72 65 74 75 72 6e 20 62 5b 31 5d 3b 62 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 61 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 61 29 2c 22 37 2e 30 22 3d 3d 63 5b 31 5d 29 69 66 28 61 26 26 61 5b 31 5d 29 73 77 69 74 63 68 28 61 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 Data Ascii: b(["Chrome","CriOS","HeadlessChrome"]):(a=a[2])&&a[1]\|\|""};Caa=function(a){var b=/rv: ([\d\.])/.exec(a);if(b&&b[1])return b[1];b="";var c=/MSIE +([\d\.]+)/.exec(a);if(c&&c[1])if(a=/Trident\/(\d.\d)/.exec(a),"7.0"==c[1])if(a&&a[1])switch(a[1]){case "4.0
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 6e 64 3d 3d 3d 61 7d 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 22 22 3d 3d 3d 62 29 72 65 74 75 72 6e 3b 72 65 74 75 72 6e 20 6e 65 77 20 48 61 61 28 61 2c 63 2c 62 29 7d 3b 0a 4a 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 6d 61 61 3f 21 21 5f 2e 65 61 26 26 21 21 5f 2e 65 61 2e 70 6c 61 74 66 6f 72 6d 3a 21 31 7d 3b 5f 2e 69 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4a 61 61 28 29 3f 22 41 6e 64 72 6f 69 64 22 3d 3d 3d 5f 2e 65 61 2e 70 6c 61 74 66 6f 72 6d 3a 5f 2e 68 61 28 22 41 6e 64 72 6f 69 64 22 29 7d 3b 5f 2e 4b 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 68 61 28 22 69 50 68 6f 6e 65 22 29 26 26 21 5f 2e 68 61 28 22 69 50 6f 64 22 29 26 26 21 5f 2e 68 61 28 22 69 50 61 Data Ascii: nd===a}))return}else if(""===b)return;return new Haa(a,c,b)};Jaa=function(){return _.maa?!!_.ea&&!!_.ea.platform:!1};_.ia=function(){return Jaa()?"Android"===_.ea.platform:_.ha("Android")};_.Kaa=function(){return _.ha("iPhone")&&!_.ha("iPod")&&!_.ha("iPa
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 61 2e 6c 65 6e 67 74 68 2d 31 3b 30 3c 3d 65 3b 2d 2d 65 29 65 20 69 6e 20 64 26 26 62 2e 63 61 6c 6c 28 63 2c 64 5b 65 5d 2c 65 2c 61 29 7d 3b 5f 2e 72 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 62 3d 5f 2e 71 61 28 61 2c 62 2c 63 29 3b 72 65 74 75 72 6e 20 30 3e 62 3f 6e 75 6c 6c 3a 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 61 3f 61 2e 63 68 61 72 41 74 28 62 29 3a 61 5b 62 5d 7d 3b 5f 2e 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 6f 72 28 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 2c 65 3d 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 61 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 69 66 28 66 20 69 6e 20 65 26 26 62 2e 63 61 6c 6c 28 63 2c 65 5b 66 5d 2c 66 2c 61 29 29 Data Ascii: a.length-1;0<=e;--e)e in d&&b.call(c,d[e],e,a)};_.ra=function(a,b,c){b=_.qa(a,b,c);return 0>b?null:"string"===typeof a?a.charAt(b):a[b]};_.qa=function(a,b,c){for(var d=a.length,e="string"===typeof a?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))
2024-01-30 17:51:40 UTC	1252	IN	Data Raw: 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 61 72 67 75 6d 65 6e 74 73 5b 63 5d 3b 69 66 28 5f 2e 46 61 28 64 29 29 7b 76 61 72 20 65 3d 61 2e 6c 65 6e 67 74 68 7c 7c 30 2c 66 3d 64 2e 6c 65 6e 67 74 68 7c 7c 30 3b 61 2e 6c 65 6e 67 74 68 3d 65 2b 66 3b 66 6f 72 28 76 61 72 20 67 3d 30 3b 67 3c 66 3b 67 2b 2b 29 61 5b 65 2b 67 5d 3d 64 5b 67 5d 7d 65 6c 73 65 20 61 2e 70 75 73 68 28 64 29 7d 7d 3b 5f 2e 4b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 70 6c 69 63 65 2e 61 70 70 6c 79 28 61 2c 5f 2e 59 61 61 28 61 72 67 75 6d 65 6e 74 73 2c 31 29 29 7d 3b 5f 2e 59 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 Data Ascii: uments.length;c++){var d=arguments[c];if(_.Fa(d)){var e=a.length\|\|0,f=d.length\|\|0;a.length=e+f;for(var g=0;g<f;g++)a[e+g]=d[g]}else a.push(d)}};_.Ka=function(a,b,c,d){return Array.prototype.splice.apply(a,_.Yaa(arguments,1))};_.Yaa=function(a,b,c){return

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:40 UTC	286	OUT	CONNECT www.microsoft.com:443 HTTP/1.1 Host: www.microsoft.com:443 Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
2024-01-30 17:51:40 UTC	145	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Date: Tue, 30 Jan 2024 17:51:40 GMT Content-Length: 16 Connection: close
2024-01-30 17:51:40 UTC	16	IN	Data Raw: 49 6e 76 61 6c 69 64 20 70 72 6f 74 6f 63 6f 6c Data Ascii: Invalid protocol

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:40 UTC	1135	OUT	GET /verify/ANsg4T5QHLvXpo4u06bQ1eEiExZGAYDL-COfDItNG4_cYY8YaN7qmLTCN_DEz-68J9Rsr_JOG2lQzsVa3hABiNicX3XPnK-qGPe1tOZGBNUUFvQmQfsQLw HTTP/1.1 Host: id.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=s82NdxBaGSH8HxMBLOcwvQpPzv4y-mUgW_d9F7q5R75kTlIRPMncU7iV21f6MmTKzsbm9O89dDCBLJZZNbykzIqZ9LcgUs96i2BkApgz8PH3PiG1Fhzsjr2PRztNhbt9gnl94FekHS0ArONy3z7WCbcUNDAac--5IhXnjkI59xc
2024-01-30 17:51:41 UTC	827	IN	HTTP/1.1 204 No Content Content-Type: text/plain; charset=UTF-8 Date: Tue, 30 Jan 2024 17:51:41 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Cross-Origin-Resource-Policy: cross-origin P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: scaffolding on HTTPServer2 Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; expires=Wed, 31-Jul-2024 17:51:41 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:40 UTC	1552	OUT	POST /gen_204?s=web&t=aft&atyp=csi&ei=Kze5ZY_EKtunqtsPm7mdiAw&rt=wsrt.348,aft.675,afti.675,aftr.399,afts.356,frts.326,frvt.675,hst.151,prt.491,sct.295&frtp=317&imn=38&ima=3&imad=2&imac=3&wh=870&aft=1&aftp=870&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.149" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=s82NdxBaGSH8HxMBLOcwvQpPzv4y-mUgW_d9F7q5R75kTlIRPMncU7iV21f6MmTKzsbm9O89dDCBLJZZNbykzIqZ9LcgUs96i2BkApgz8PH3PiG1Fhzsjr2PRztNhbt9gnl94FekHS0ArONy3z7WCbcUNDAac--5IhXnjkI59xc
2024-01-30 17:51:41 UTC	1227	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-u8PWvgWd4Zdz4yyRohtJTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Tue, 30 Jan 2024 17:51:41 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:41 UTC	284	OUT	CONNECT www.lifewire.com:443 HTTP/1.1 Host: www.lifewire.com:443 Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
2024-01-30 17:51:41 UTC	145	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Date: Tue, 30 Jan 2024 17:51:41 GMT Content-Length: 16 Connection: close
2024-01-30 17:51:41 UTC	16	IN	Data Raw: 49 6e 76 61 6c 69 64 20 70 72 6f 74 6f 63 6f 6c Data Ascii: Invalid protocol

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:41 UTC	1913	OUT	POST /gen_204?atyp=csi&ei=Kze5ZY_EKtunqtsPm7mdiAw&s=web&t=all&frtp=317&imn=38&ima=3&imad=2&imac=3&wh=870&aft=1&aftp=870&adh=tv.6&ime=0&imex=0&imeh=8&imeha=1&imehb=2&imea=0&imeb=8&imel=0&imed=0&scp=0&fld=967&mem=ujhs.7,tjhs.11,jhsl.2173,dm.8&nv=ne.1,feid.a38542f8-984d-4d30-89f1-82d3bde73909&net=dl.10000,ect.4g,rtt.200&hp=&sys=hc.4&p=bs.false&rt=hst.151,sct.295,frts.326,prt.491,xjsls.603,dcl.607,frvt.675,afti.675,afts.356,aftr.399,aft.675,aftqf.676,xjses.1746,xjsee.1786,xjs.1786,lcp.441,fcp.277,wsrt.348,cst.0,dnst.0,rqst.916,rspt.598,rqstt.30,unt.7,cstt.7,dit.955&zx=1706637100756&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.149" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq
2024-01-30 17:51:42 UTC	1227	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-kOKXZOACrWlSnWpmgnU0wA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Tue, 30 Jan 2024 17:51:42 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-01-30 17:51:42 UTC	1467	OUT	GET /compressiontest/gzip.html HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.149" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-01-30-17; AEC=Ae3NU9ONEW9nRwAXRbxxkxRHWsjNmTt-wvvNOHnf7BJSZX_Z2eAsfhmByQ; NID=511=rAZ8vlW45jD6CxStF9D5RSyHvu0bGUWZ7ZLxl3hqVfyBriTC9W2qXDLMMeubSpPywSbksKMUZBJ7RpVGHJnLGgqyyn8HsNP2mfC72QcsOSsai_Ja45lmwWy-2o866CgZJ03eHGmAd5uWYNK7PuVmhECbs2-t2WZ99Hbg8Pbu1GQ6fUpnVJiP2Kev4NIjLvqI1tnq; GZ=Z=0
2024-01-30 17:51:42 UTC	1734	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Tue, 30 Jan 2024 17:51:42 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-sHO63RsEA7V8ZxVYuZe74A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Encoding: gzip Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-01-30-17; expires=Thu, 29-Feb-2024 17:51:42 GMT; path=/; domain=.google.com; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-01-30 17:51:42 UTC	122	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a 1f 0d 0a 30 30 30 30 30 30 30 31 0d 0a 8b 0d 0a 30 30 30 30 30 30 30 31 0d 0a 08 0d 0a 30 30 30 30 30 30 30 31 0d 0a 00 0d 0a 30 30 30 30 30 30 30 31 0d 0a 00 0d 0a 30 30 30 30 30 30 30 31 0d 0a 00 0d 0a 30 30 30 30 31 0d 0a 00 0d 0a 31 63 0d 0a 00 02 ff b3 51 4c c9 4f 2e a9 2c 48 55 c8 28 c9 cd b1 03 00 48 ec b9 87 0f 00 00 00 0d 0a Data Ascii: 000000010000000100000001000000010000000100000001000011cQLO.,HU(H
2024-01-30 17:51:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0