Windows Analysis Report
https://transfiles.ru/vyjw4

Overview

General Information

Sample URL: https://transfiles.ru/vyjw4
Analysis ID: 1448031

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Downloads suspicious files via Chrome
Drops PE files
Found iframes
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

Source: https://transfiles.ru/vyjw4 HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&h=280&slotname=7823858479&adk=642103812&adf=441738196&pi=t.ma~as.7823858479&w=970&abgtt=3&fwrn=4&fwrnh=100&lmt=1716814864&rafmt=1&format=970x280&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862308&bpp=4&bdt=3661&idt=1768&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=2846887072687&frm=20&pv=2&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=158&biw=1263&bih=907&scr_x=0&scr_y=20&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4347612559431098&tmod=1276184472&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1792
Source: https://transfiles.ru/vyjw4 HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&h=100&slotname=8540115672&adk=3304334544&adf=3870114935&pi=t.ma~as.8540115672&w=970&abgtt=3&lmt=1716814864&format=970x100&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862312&bpp=1&bdt=3665&idt=1804&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=970x280&correlator=2846887072687&frm=20&pv=1&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=823&biw=1263&bih=907&scr_x=0&scr_y=58&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4347612559431098&tmod=1276184472&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1809
Source: https://transfiles.ru/vyjw4 HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1716814864&plat=2%3A16777216%2C3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=135x714_r&format=0x0&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&pra=7&wgl=1&easpi=0&aihb=0&asro=0&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814863478&bpp=2&bdt=4830&idt=648&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=970x280%2C970x100&nras=1&correlator=2846887072687&frm=20&pv=1&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=58&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4347612559431098&tmod=1276184472&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&fsb=1&dtd=660
Source: https://transfiles.ru/vyjw4 HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html
Source: https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&h=280&slotname=7823858479&adk=642103812&adf=441738196&pi=t.ma~as.7823858479&w=970&abgtt=3&fwrn=4&fwrnh=100&lmt=1716814864&rafmt=1&format=970x280&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862308&bpp=4&bdt=3661&idt=1768&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=2846887072687&frm=20&pv=2&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=158&biw=1263&bih=907&scr_x=0&scr_y=20&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C3107866... HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&h=100&slotname=8540115672&adk=3304334544&adf=3870114935&pi=t.ma~as.8540115672&w=970&abgtt=3&lmt=1716814864&format=970x100&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862312&bpp=1&bdt=3665&idt=1804&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=970x280&correlator=2846887072687&frm=20&pv=1&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=823&biw=1263&bih=907&scr_x=0&scr_y=58&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&p... HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html#RS-0-&adk=1812271808&client=ca-pub-9678335887055925&fa=8&ifi=4&uci=a!4 HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html#RS-2-&adk=1812271801&client=ca-pub-9678335887055925&fa=1&ifi=6&uci=a!6&btvi=2 HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html#RS-1-&adk=1812271804&client=ca-pub-9678335887055925&fa=4&ifi=5&uci=a!5&btvi=1 HTTP Parser: No favicon
Source: https://transfiles.ru/vyjw4 HTTP Parser: No <meta name="author".. found
Source: https://transfiles.ru/vyjw4 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 92.123.104.38:443 -> 192.168.2.18:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49774 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49779 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49795 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49850 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 92.123.104.38
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: global traffic HTTP traffic detected: GET /pagead/ads?client=ca-pub-9678335887055925&output=html&h=280&slotname=7823858479&adk=642103812&adf=441738196&pi=t.ma~as.7823858479&w=970&abgtt=3&fwrn=4&fwrnh=100&lmt=1716814864&rafmt=1&format=970x280&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862308&bpp=4&bdt=3661&idt=1768&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=2846887072687&frm=20&pv=2&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=158&biw=1263&bih=907&scr_x=0&scr_y=20&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4347612559431098&tmod=1276184472&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1792 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiWocsBCIWgzQEI6cXNAQi5ys0BCInTzQEYwcvMARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: 
https://transfiles.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/ads?client=ca-pub-9678335887055925&output=html&h=100&slotname=8540115672&adk=3304334544&adf=3870114935&pi=t.ma~as.8540115672&w=970&abgtt=3&lmt=1716814864&format=970x100&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862312&bpp=1&bdt=3665&idt=1804&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=970x280&correlator=2846887072687&frm=20&pv=1&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=823&biw=1263&bih=907&scr_x=0&scr_y=58&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4347612559431098&tmod=1276184472&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1809 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiWocsBCIWgzQEI6cXNAQi5ys0BCInTzQEYwcvMARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://transfiles.ru/Accept-Encoding: gzip, deflate, 
brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/ads?client=ca-pub-9678335887055925&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1716814864&plat=2%3A16777216%2C3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=135x714_r&format=0x0&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&pra=7&wgl=1&easpi=0&aihb=0&asro=0&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814863478&bpp=2&bdt=4830&idt=648&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=970x280%2C970x100&nras=1&correlator=2846887072687&frm=20&pv=1&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=58&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4347612559431098&tmod=1276184472&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&fsb=1&dtd=660 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: 
CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiWocsBCIWgzQEI6cXNAQi5ys0BCInTzQEYwcvMARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://transfiles.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10382.WG-FzNqwqkx2taXpWgttA3WC1y76u0R2v_zpQUjg-Luo3xav9R-_WjQ70P7sc7XR.24HwDyiQ52sZFPbI9wAuM7dAMfs%2C HTTP/1.1Host: mc.yandex.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://transfiles.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=DdY40elwu0sXLWjGEuz9mDbga5A1v8G6CA/R7F2AqkTtU/gnsgQ4+UBS4F+TjvTC137ep0q5/pRjSoN8jqQ2Yp1Gbsk=; yandexuid=5250530921716814863; yashr=9089241241716814863
Source: global traffic HTTP traffic detected: GET /watch/33590114/1?wmode=7&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.149%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.149%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.149%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1350%3Acn%3A1%3Adp%3A0%3Als%3A1430974270378%3Ahid%3A880766209%3Az%3A-240%3Ai%3A20240527090102%3Aet%3A1716814863%3Ac%3A1%3Arn%3A553862080%3Arqn%3A1%3Au%3A1716814863853134129%3Aw%3A1263x907%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A4793%3Awv%3A2%3Ads%3A0%2C1736%2C311%2C108%2C26%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1716814856326%3Arqnl%3A1%3Ast%3A1716814864%3At%3ATransFiles%20-%20free%20file%20sharing%20service%20without%20registration%20-%20Page%20to%20download%20the%20upload%20vyjw4&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2821037572%29ti%281%29&redirnss=1 HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://transfiles.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://transfiles.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sync_cookie_csrf=893524046fake; yabs-sid=1456576491716814865; i=ORFQQFJIcSlatNSImRdK4U1nEFBzq8Pwr1CMCVt1P6JI8w6q85nchK/TQhsgVxLkUVhR+Oh0oGqaJFjFmPOXsqpcrHc=; yandexuid=6315998231716814865; yuidss=6315998231716814865; ymex=1748350865.yrts.1716814865#1748350865.yrtsi.1716814865; receive-cookie-deprecation=1; 
bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjE0OSIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xNDkiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjE0OSIi
Source: global traffic HTTP traffic detected: GET /images/loader.gif HTTP/1.1Host: transfiles.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=qojvda9ph9engcv3r0ohk3pes5; _ym_uid=1716814863853134129; _ym_d=1716814863; _ga=GA1.2.625688542.1716814864; _gid=GA1.2.919659162.1716814864; _gat=1
Source: global traffic HTTP traffic detected: GET /getFilelist HTTP/1.1Host: transfiles.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=qojvda9ph9engcv3r0ohk3pes5; _ym_uid=1716814863853134129; _ym_d=1716814863; _ga=GA1.2.625688542.1716814864; _gid=GA1.2.919659162.1716814864; _gat=1
Source: global traffic HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://transfiles.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/btn_ok_passive.png HTTP/1.1Host: transfiles.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://transfiles.ru/css/common.css?rnd=11Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=qojvda9ph9engcv3r0ohk3pes5; _ym_uid=1716814863853134129; _ym_d=1716814863; _ga=GA1.2.625688542.1716814864; _gid=GA1.2.919659162.1716814864; _gat=1
Source: global traffic HTTP traffic detected: GET /sig.js HTTP/1.1Host: serve.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ng-assets/creative/assets/polyfills-89a25f2d.js HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ng-assets/creative/assets/index-cb91ca65.css HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ng-assets/creative/assets/index-5ff4bbc8.js HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/btn_ok_passive.png HTTP/1.1Host: transfiles.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=qojvda9ph9engcv3r0ohk3pes5; _ym_uid=1716814863853134129; _ym_d=1716814863; _ga=GA1.2.625688542.1716814864; _gid=GA1.2.919659162.1716814864; _gat=1
Source: global traffic HTTP traffic detected: GET /manifest.json HTTP/1.1Host: transfiles.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://transfiles.ru/vyjw4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /clmap/33590114?page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&pointer-click=rn%3A532174762%3Ax%3A38665%3Ay%3A28398%3At%3A33%3Ap%3APA1AA1AAAAA%3AX%3A206%3AY%3A679&browser-info=u%3A1716814863853134129%3Av%3A1350%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Arqnl%3A1%3Ast%3A1716814866&t=gdpr(14)ti(1) HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://transfiles.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://transfiles.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sync_cookie_csrf=893524046fake; yabs-sid=1456576491716814865; yuidss=6315998231716814865; ymex=1748350865.yrts.1716814865#1748350865.yrtsi.1716814865; receive-cookie-deprecation=1; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjE0OSIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xNDkiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjE0OSIi; i=E8hbGjy9F06yRkF6KIk+v/s06ZPrxPdqEa8IDocIGnRIZqQQfznGQcOEYd2lPEs1eBQOAnDRM5qZt6sx6pZTv3L8fBU=; yandexuid=2608371041716814866; yashr=9366239991716814866
Source: global traffic HTTP traffic detected: GET /sync_cookie_image_decide?token=10382.5cq1dBE50Kkuy_ARErnvu9SKCgJTJxFW2cpOJu9Sdq3gGgXRMKvorLoop8NRfDk3GMhryxP_ppLhfOrWk4RceX3RtDx_xjsTIYw3gTJPHtJoj1lvKzIrRPbt-iAw-k50H0zvA__wZp2KUy6xvE_BhMBtOiAkkuIB91VBkYaqLXnSy8MedR0zL-5PANJFdJU8agVa0XYp53ptHQ-1tJ-XuR7Gvs6wvT905mfTiMdU57E%2C.i5qyiL9n8tsRGycvaZLcp45yue8%2C HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://transfiles.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sync_cookie_csrf=893524046fake; yabs-sid=1456576491716814865; yuidss=6315998231716814865; ymex=1748350865.yrts.1716814865#1748350865.yrtsi.1716814865; receive-cookie-deprecation=1; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjE0OSIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xNDkiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjE0OSIi; i=LZt3EYvi/80czZEuJUlBMD2wF8VQhY1gJexSdg+y0mDgDYMJqE0cxalQGlrtioPPnDvpqeQ5eKW+BzC7HG19qZz7zt8=; yandexuid=3859500731716814865; yashr=567182471716814865
Source: global traffic HTTP traffic detected: GET /watch/33590114/1?wmode=7&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.149%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.149%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.149%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1350%3Acn%3A1%3Adp%3A0%3Als%3A1430974270378%3Ahid%3A880766209%3Az%3A-240%3Ai%3A20240527090102%3Aet%3A1716814863%3Ac%3A1%3Arn%3A553862080%3Arqn%3A1%3Au%3A1716814863853134129%3Aw%3A1263x907%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A4793%3Awv%3A2%3Ads%3A0%2C1736%2C311%2C108%2C26%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1716814856326%3Arqnl%3A1%3Ast%3A1716814864%3At%3ATransFiles%20-%20free%20file%20sharing%20service%20without%20registration%20-%20Page%20to%20download%20the%20upload%20vyjw4&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2821037572%29ti%281%29&redirnss=1 HTTP/1.1Host: mc.yandex.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sync_cookie_csrf=893524046fake; yabs-sid=1456576491716814865; yuidss=6315998231716814865; ymex=1748350865.yrts.1716814865#1748350865.yrtsi.1716814865; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjE0OSIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xNDkiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjE0OSIi; 
i=LZt3EYvi/80czZEuJUlBMD2wF8VQhY1gJexSdg+y0mDgDYMJqE0cxalQGlrtioPPnDvpqeQ5eKW+BzC7HG19qZz7zt8=; yandexuid=3859500731716814865; yashr=567182471716814865
Source: global traffic HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Host: mc.yandex.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sync_cookie_csrf=893524046fake; yabs-sid=1456576491716814865; yuidss=6315998231716814865; ymex=1748350865.yrts.1716814865#1748350865.yrtsi.1716814865; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjE0OSIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xNDkiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjE0OSIi; i=E8hbGjy9F06yRkF6KIk+v/s06ZPrxPdqEa8IDocIGnRIZqQQfznGQcOEYd2lPEs1eBQOAnDRM5qZt6sx6pZTv3L8fBU=; yandexuid=2608371041716814866; yashr=9366239991716814866
Source: global traffic HTTP traffic detected: GET /sig.js HTTP/1.1Host: serve.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /getFiles/4002015 HTTP/1.1Host: transfiles.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://transfiles.ru/vyjw4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=qojvda9ph9engcv3r0ohk3pes5; _ym_uid=1716814863853134129; _ym_d=1716814863; _ga=GA1.2.625688542.1716814864; _gid=GA1.2.919659162.1716814864; _gat=1; _ym_isad=2
Source: global traffic HTTP traffic detected: GET /sync_cookie_image_check_secondary HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://transfiles.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sync_cookie_csrf=893524046fake; yabs-sid=1456576491716814865; yuidss=6315998231716814865; ymex=1748350865.yrts.1716814865#1748350865.yrtsi.1716814865; receive-cookie-deprecation=1; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjE0OSIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xNDkiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjE0OSIi; i=LZt3EYvi/80czZEuJUlBMD2wF8VQhY1gJexSdg+y0mDgDYMJqE0cxalQGlrtioPPnDvpqeQ5eKW+BzC7HG19qZz7zt8=; yandexuid=3859500731716814865; yashr=567182471716814865
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cP8+YHrWZlfcSED&MD=TPoykatH HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /clmap/33590114?page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&pointer-click=rn%3A532174762%3Ax%3A38665%3Ay%3A28398%3At%3A33%3Ap%3APA1AA1AAAAA%3AX%3A206%3AY%3A679&browser-info=u%3A1716814863853134129%3Av%3A1350%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Arqnl%3A1%3Ast%3A1716814866&t=gdpr(14)ti(1) HTTP/1.1Host: mc.yandex.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sync_cookie_csrf=893524046fake; yabs-sid=1456576491716814865; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjE0OSIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xNDkiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjE0OSIi; yashr=9366239991716814866; yandexuid=5250530921716814863; yuidss=5250530921716814863; i=DdY40elwu0sXLWjGEuz9mDbga5A1v8G6CA/R7F2AqkTtU/gnsgQ4+UBS4F+TjvTC137ep0q5/pRjSoN8jqQ2Yp1Gbsk=; yp=1716901267.yu.3859500731716814865; ymex=1719406867.oyu.3859500731716814865#1748350865.yrts.1716814865#1748350865.yrtsi.1716814865; sync_cookie_ok=synced
Source: global traffic HTTP traffic detected: GET /sync_cookie_image_decide?token=10382.5cq1dBE50Kkuy_ARErnvu9SKCgJTJxFW2cpOJu9Sdq3gGgXRMKvorLoop8NRfDk3GMhryxP_ppLhfOrWk4RceX3RtDx_xjsTIYw3gTJPHtJoj1lvKzIrRPbt-iAw-k50H0zvA__wZp2KUy6xvE_BhMBtOiAkkuIB91VBkYaqLXnSy8MedR0zL-5PANJFdJU8agVa0XYp53ptHQ-1tJ-XuR7Gvs6wvT905mfTiMdU57E%2C.i5qyiL9n8tsRGycvaZLcp45yue8%2C HTTP/1.1Host: mc.yandex.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sync_cookie_csrf=893524046fake; yabs-sid=1456576491716814865; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjE0OSIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xNDkiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjE0OSIi; yashr=9366239991716814866; yandexuid=5250530921716814863; yuidss=5250530921716814863; i=DdY40elwu0sXLWjGEuz9mDbga5A1v8G6CA/R7F2AqkTtU/gnsgQ4+UBS4F+TjvTC137ep0q5/pRjSoN8jqQ2Yp1Gbsk=; yp=1716901267.yu.3859500731716814865; ymex=1719406867.oyu.3859500731716814865#1748350865.yrts.1716814865#1748350865.yrtsi.1716814865; sync_cookie_ok=synced
Source: global traffic HTTP traffic detected:
GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
Source: global traffic HTTP traffic detected:
GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cP8+YHrWZlfcSED&MD=TPoykatH HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
Source: chromecache_161.1.dr String found in binary or memory: return b}EC.K="internal.enableAutoEventOnTimer";var ic=ma(["data-gtm-yt-inspected-"]),GC=["www.youtube.com","www.youtube-nocookie.com"],HC,IC=!1; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: transfiles.ru
Source: global traffic DNS traffic detected: DNS query: mc.yandex.ru
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: mc.yandex.com
Source: global traffic DNS traffic detected: DNS query: cdn.bidbrain.app
Source: global traffic DNS traffic detected: DNS query: serve.bidbrain.app
Source: global traffic DNS traffic detected: DNS query: g.bidbrain.app
Source: unknown HTTP traffic detected:
POST /getFilelist HTTP/1.1
Host: transfiles.ru
Connection: keep-alive
Content-Length: 10
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://transfiles.ru
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://transfiles.ru/vyjw4
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=qojvda9ph9engcv3r0ohk3pes5; _ym_uid=1716814863853134129; _ym_d=1716814863
Source: unknown HTTPS traffic detected: 92.123.104.38:443 -> 192.168.2.18:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49774 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49779 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49795 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49850 version: TLS 1.2

System Summary

Source: C:\Program Files\Google\Chrome\Application\chrome.exe File dump: C:\Users\user\Downloads\Loader.rar (copy)
Source: classification engine Classification label: sus22.win@22/124@28/10
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5440:120:WilError_03
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7228:120:WilError_03
Source: C:\Windows\System32\OpenWith.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\OpenWith.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://transfiles.ru/vyjw4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1980,i,5191005634875542788,15932232829212940879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap29805:70:7zEvent23307
Source: unknown Process created: C:\Users\user\Desktop\Loader.exe "C:\Users\user\Desktop\Loader.exe"
Source: C:\Users\user\Desktop\Loader.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\Loader.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Loader.exe Section loaded: reverse.dll
Source: C:\Users\user\Desktop\Loader.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\7-Zip\7zG.exe File created: C:\Users\user\Desktop\Loader.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation