Windows Analysis Report
https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u

AV Detection

Source: https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://hebelex.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrMWplbGc9JnVpZD1VU0VSMDExMjIwMjRVNDYxMjAxNTc=N0123	Avira URL Cloud: Label: phishing
Source: https://hebelex.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrMWplbGc9JnVpZD1VU0VSMDExMjIwMjRVNDYxMjAxNTc=N0123N[EMAIL]	Avira URL Cloud: Label: phishing

Phishing

Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML

Source: https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u

Joe Sandbox AI: Page contains button: 'VIEW DOCUMENT HERE' Source: '1.2.pages.csv'

Source: Chrome DOM: 1.3

OCR Text: New PDF Document Received Received on Friday, Dec 6 2024 You've received (2) PDF Documents for your review VIEW DOCUMENT HERE

Source: https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u

HTTP Parser: Base64 decoded: sv=o365_1_nom&rand=Vk1jelg=&uid=USER01122024U46120157

Source: https://google.com/404/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon

Compliance

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49892 version: TLS 1.2

Source:	Binary string: var dWa=function(a,b){var c;b=(c=b.ey)?a.Ga:a.Aa;a=_.fb(Object.values(c?a.ka:a.oa));for(c=a.next();!c.done;c=a.next())if(c=c.value,c.Pdb)b[c.name]=new DOMRect;else{var d=void 0,e=(d=c.element)==null?void 0:d.getBoundingClientRect();if(e.width===0||e.height===0)throw Error("Ad`"+c.name);b[c.name]=e}},eWa=function(a,b){var c;b=(c=b.ey)?a.La:a.Na;a=_.fb(Object.values(c?a.ka:a.oa));for(c=a.next();!c.done;c=a.next()){c=c.value;var d=c.element;b[c.name]={height:d.offsetHeight,width:d.offsetWidth}}},hWa= source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: for(var e=iWa(a,c,{ey:!1}),f=_.fb(Object.values(a.ka)),g=f.next();!g.done;g=f.next()){var h=g.value,k=h.name,l=c+"To"+_.YCa(k);g=k+"To"+_.YCa(c);h=h.Pdb;d||h?(a.LZ[l]=wVa,a.LZ[g]=wVa):(k=iWa(a,k,{ey:!0}),h=_.dta(e,k),a.LZ[l]=h,l=_.dta(k,e),a.LZ[g]=l)}}},iWa=function(a,b,c){var d=(c=c.ey)?a.La:a.Na;return{style:(c?a.Ma:a.Qa)[b],rect:(c?a.Ga:a.Aa)[b],WEa:_.ata((c?a.ka:a.oa)[b].element),offsetWidth:d[b].width,offsetHeight:d[b].height}},cWa=function(a,b){var c;b=(c=b.ey)?Object.values(a.ka):Object.values(a.oa); source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: var Seb=function(a){var b=function(d){_.yKa(d)&&(_.yKa(d).uc=null,_.deb(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])};_.ks=function(a){_.ds.call(this,a.Oa);var b=this,c=a.context.nvc;this.ka=c.JW;this.Af=this.wa=this.Ba=this.oa=null;this.Aa=a.service.Lg;this.Ga=a.service.t$c;a=this.ka.wa.then(function(d){b.oa=d;d=b.ka.id.C1b(d,b.ka.getParams());b.Ba=d.variant});c=c.fAb.then(function(d){b.wa=d});this.n$a=this.n$a.bind(this);this.Dq(_.$f([a,c]),_.Un)};_.G(_.ks,_.ds);_.ks.Ha=function(){return{context:{nvc:"FVxLkf"},service:{Lg:_.as,component:_.fs,t$c:_.Pdb}}};_.m=_.ks.prototype;_.m.Xl=function(){return""};_.m.ks=function(){return!1}; source: chromecache_114.1.dr, chromecache_120.1.dr
Source:	Binary string: function(a,b){b=b.ey;var c,d;if(!(b?(c=a.options.Sib)==null?0:c.end:(d=a.options.Sib)==null?0:d.start)){c=b?a.Ia:a.Ba;d=b?a.ka:a.oa;a=Array.from(Object.values(d)).filter(function(g){return!g.Xca}).map(function(g){return g.element});a=_.kta(a).gyb();b=0;d=_.fb(Object.entries(d));for(var e=d.next();!e.done;e=d.next()){e=_.fb(e.value);var f=e.next().value;e.next().value.Xca||(c[f]=a[b++])}}},fWa=function(a){for(var b=_.fb(Object.values(a.oa)),c=b.next();!c.done;c=b.next()){var d=c.value;c=d.name;d=d.Pdb; source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: $Va=function(a){var b=[];a=_.fb(a);for(var c=a.next();!c.done;c=a.next()){c=c.value;if(typeof c.element==="string"){var d=_.Mg().document.querySelector(c.element);c.element=d}c.Pdb=_.Mg().getComputedStyle(c.element).display==="none";b.push(c)}return b};_.gWa=function(a,b){b=(b===void 0?{}:b).ey;if(!_.sta)throw Error("zd");cWa(a,{ey:b});a.kYa({ey:b});dWa(a,{ey:b});eWa(a,{ey:b});b&&fWa(a)}; source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: _.Pdb=new _.re(_.p4a); source: chromecache_114.1.dr, chromecache_120.1.dr
Source:	Binary string: _.iv=function(a){this.Ea=_.n(a)};_.G(_.iv,_.r);_.iv.prototype.getTitle=function(){return _.D(this,3)};_.iv.prototype.setTitle=function(a){return _.Df(this,3,a)};_.iv.prototype.Dd=function(){return _.sj(this,3)};_.iv.prototype.hb="DxxfTc";_.oDb=function(a){this.Ea=_.n(a)};_.G(_.oDb,_.r);_.pDb=function(a){this.Ea=_.n(a)};_.G(_.pDb,_.r);_.pDb.prototype.hb="hMCPXc";_.qDb=function(a){this.Ea=_.n(a)};_.G(_.qDb,_.r);_.qDb.prototype.hb="LT4Byf";new _.Eg(_.pDb);new _.Eg(_.qDb);_.fp.LT4Byf=function(a){return _.gp(_.hp(_.t(a,_.iv,1))).toString()};_.tq(_.qDb,_.iv,function(a){a=_.t(a,_.iv,1);return a!=null?[a]:[]});_.rDb=new _.ig("uZoEG",_.qDb,_.pDb,[_.oq,!0,_.pq,"/MerchantProfileService.GetActionGroup"]); source: chromecache_121.1.dr, chromecache_98.1.dr

Networking

Source: Network traffic

Suricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.4:49795 -> 78.157.38.110:443

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: hebelex.com to https://google.com/404/

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F22gZ4uPbOgwPOO&MD=PR2up9l9 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrMWplbGc9JnVpZD1VU0VSMDExMjIwMjRVNDYxMjAxNTc=N0123N[EMAIL] HTTP/1.1Host: hebelex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://customervoice.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /404/ HTTP/1.1Host: google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://customervoice.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/d=1/ed=1/br=1/rs=ACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBCAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=1/ed=1/dg=3/br=1/rs=ACT90oHKc4CHb1aRmL99E66PM2KpJyxHoQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;Uvc8o:VDovNc;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb,yDVVkb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x8
Source: global traffic	HTTP traffic detected: GET /async/hpba?yv=3&cs=0&ei=5IFTZ-X9FrPixc8PkOT2wAQ&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/dg%3D0/br%3D1/rs%3DACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw,_basecss:/xjs/_/ss/k%3Dxjs.hd.GIjte-IWHrs.L.B1.O/am%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/br%3D1/rs%3DACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O/ck%3Dxjs.hd.GIjte-IWHrs.L.B1.O/am%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw,_fmt:prog,_id:_5IFTZ-X9FrPixc8PkOT2wAQ_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjl__vFn5SKAxUzcfEDHRCyHUgQj-0KCBY..i HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F22gZ4uPbOgwPOO&MD=PR2up9l9 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=5IFTZ-X9FrPixc8PkOT2wAQ.1733525994188&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/ck=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/ujg=1/rs=ACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw/m=B2qlPe,syuc,NzU6V,syyv,sygk,zGLm3b,syvw,syvx,syvn,DhPYme,syy1,syxw,syxz,syxy,sywg,sywh,syxx,syxu,syxv,KHourd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,oGtAuc,NTMZac,nAFL3,sy7q,sy7p,q0xTif,y05UD,sy12h,sy18x,sy18r,syx2,sy18k,syx1,syx0,sywz,sy18q,sy13r,sy18h,sy13v,sy18p,sy12d,sy18l,syh1,sy13w,sy18s,sy124,sy18o,sy18m,sy18n,sy18u,sy18c,sy18i,sy18b,sy18g,sy18d,sy188,sy14r,sy13y,sy13z,syx7,syx8,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /async/hpba?yv=3&cs=0&ei=5IFTZ-X9FrPixc8PkOT2wAQ&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/dg%3D0/br%3D1/rs%3DACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw,_basecss:/xjs/_/ss/k%3Dxjs.hd.GIjte-IWHrs.L.B1.O/am%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/br%3D1/rs%3DACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O/ck%3Dxjs.hd.GIjte-IWHrs.L.B1.O/am%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw,_fmt:prog,_id:_5IFTZ-X9FrPixc8PkOT2wAQ_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjl__vFn5SKAxUzcfEDHRCyHUgQj-0KCBY..i HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBCAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=1/ed=1/dg=3/br=1/rs=ACT90oHKc4CHb1aRmL99E66PM2KpJyxHoQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;Uvc8o:VDovNc;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb,yDVVkb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetc
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBCAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/rs=ACT90oHKc4CHb1aRmL99E66PM2KpJyxHoQ HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /gen_204?s=async&astyp=hpba&atyp=csi&ei=6YFTZ6uPL-KCxc8PpI3QiQQ&rt=ipf.0,ipfr.2624,ttfb.2624,st.2624,acrt.2625,ipfrl.2625,aaft.2625,art.2625,ns.-5319&ns=1733525985758&twt=0.8999999999941792&mwt=0.8999999999941792 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/ck=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/ujg=1/rs=ACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw/m=sb_wiz,aa,abd,sy17j,syfv,syfm,syfk,syfl,syfn,syfw,syfx,syfr,syfs,syfq,syfp,syem,syfo,syfe,syfd,syff,syfc,syfh,sy16e,syg7,sy17h,syyj,syg6,syg5,syg4,async,ifl,pHXghd,sf,syie,sy3jo,sonic,sy3ju,syhk,syh0,sy3j6,sy3j9,sy267,sye0,sy9x,sy9i,sy9h,sy9f,spch,sytg,sytf,rtH1bd,sy19e,sy15h,sy14y,sy127,syd9,sy19d,SMquOb,sy8a,sy89,sy88,syf0,syf9,syf7,syf6,syez,syex,syev,sy83,sy80,sy82,syeu,syey,syet,sybg,sybb,sybe,syam,syas,syal,syak,syaj,sya7,sybc,syb0,syb1,syb7,syaq,syb6,syaz,syaw,syah,syao,syb2,sya9,syab,syac,sya8,syar,syag,syad,sybj,sya3,sya0,sybi,sy9s,sy9k,sy9n,sy9z,sya6,syb3,syes,syer,syeo,syen,sy86,uxMpU,syej,sybq,sybo,sybk,syau,sybm,sybh,sy8q,sy8p,sy8o,sy8n,Mlhmy,QGR0gd,aurFic,sy8z,fKUV3e,OTA3Ae,sy8b,OmgaI,EEDORb,PoEs9b,Pjplud,sy8k,A1yn5d,YIZmRd,uY49fb,sy7y,sy7w,sy7u,sy7v,sy7t,sy7s,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,sy8y,sy91,sy85,xUdipf,NwH0H,gychg,ZfAoz,yDVVkb,qafBPd,ebZ3mb,dowIGb,sy19h,sy19f,syxg,sytl,d5EhJe,sy19y,fCxEDd,syur,sy19x,sy19w,sy19v,sy19o,sy19l,sy19m,sy176,sy170,syx4,syx3,T1HOxc,sy19n,sy19k,zx30Y,sy1a0,sy19z,sy19s,sy15t,Wo3n8,sysx,loL8vb,syt1,syt0,sysz,ms4mZb,syrz?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=5IFTZ-X9FrPixc8PkOT2wAQ.1733525994188&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1280&bih=907&ei=5IFTZ-X9FrPixc8PkOT2wAQ&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBCAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/rs=ACT90oHKc4CHb1aRmL99E66PM2KpJyxHoQ HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/ck=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/ujg=1/rs=ACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw/m=B2qlPe,syuc,NzU6V,syyv,sygk,zGLm3b,syvw,syvx,syvn,DhPYme,syy1,syxw,syxz,syxy,sywg,sywh,syxx,syxu,syxv,KHourd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,oGtAuc,NTMZac,nAFL3,sy7q,sy7p,q0xTif,y05UD,sy12h,sy18x,sy18r,syx2,sy18k,syx1,syx0,sywz,sy18q,sy13r,sy18h,sy13v,sy18p,sy12d,sy18l,syh1,sy13w,sy18s,sy124,sy18o,sy18m,sy18n,sy18u,sy18c,sy18i,sy18b,sy18g,sy18d,sy188,sy14r,sy13y,sy13z,syx7,syx8,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/d=0/br=1/rs=ACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg/m=sylv,sypv?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=syt3,syt2,VsqSCc,sy1b0,P10Owf,sy19t,sy19r,sysh,gSZvdb,syyd,syyc,WlNQGd,sysl,sysj,sysi,sysg,DPreE,syyq,syyo,nabPbb,syy7,syy5,sylv,sypv,CnSW2d,kQvlef,syyp,fXO0xe?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwjl__vFn5SKAxUzcfEDHRCyHUgQj-0KCBc..i&ei=5IFTZ-X9FrPixc8PkOT2wAQ&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.GIjte-IWHrs.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ%2Fbr%3D1%2Frs%3DACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O%2Fck%3Dxjs.hd.GIjte-IWHrs.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw,_fmt:prog,_id:_5IFTZ-X9FrPixc8PkOT2wAQ_9 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/ck=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/ujg=1/rs=ACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw/m=sb_wiz,aa,abd,sy17j,syfv,syfm,syfk,syfl,syfn,syfw,syfx,syfr,syfs,syfq,syfp,syem,syfo,syfe,syfd,syff,syfc,syfh,sy16e,syg7,sy17h,syyj,syg6,syg5,syg4,async,ifl,pHXghd,sf,syie,sy3jo,sonic,sy3ju,syhk,syh0,sy3j6,sy3j9,sy267,sye0,sy9x,sy9i,sy9h,sy9f,spch,sytg,sytf,rtH1bd,sy19e,sy15h,sy14y,sy127,syd9,sy19d,SMquOb,sy8a,sy89,sy88,syf0,syf9,syf7,syf6,syez,syex,syev,sy83,sy80,sy82,syeu,syey,syet,sybg,sybb,sybe,syam,syas,syal,syak,syaj,sya7,sybc,syb0,syb1,syb7,syaq,syb6,syaz,syaw,syah,syao,syb2,sya9,syab,syac,sya8,syar,syag,syad,sybj,sya3,sya0,sybi,sy9s,sy9k,sy9n,sy9z,sya6,syb3,syes,syer,syeo,syen,sy86,uxMpU,syej,sybq,sybo,sybk,syau,sybm,sybh,sy8q,sy8p,sy8o,sy8n,Mlhmy,QGR0gd,aurFic,sy8z,fKUV3e,OTA3Ae,sy8b,OmgaI,EEDORb,PoEs9b,Pjplud,sy8k,A1yn5d,YIZmRd,uY49fb,sy7y,sy7w,sy7u,sy7v,sy7t,sy7s,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,sy8y,sy91,sy85,xUdipf,NwH0H,gychg,ZfAoz,yDVVkb,qafBPd,ebZ3mb,dowIGb,sy19h,sy19f,syxg,sytl,d5EhJe,sy19y,fCxEDd,syur,sy19x,sy19w,sy19v,sy19o,sy19l,sy19m,sy176,sy170,syx4,syx3,T1HOxc,sy19n,sy19k,zx30Y,sy1a0,sy19z,sy19s,sy15t,Wo3n8,sysx,loL8vb,syt1,syt0,sysz,ms4mZb,syrz?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/d=0/br=1/rs=ACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg/m=sylv,sypv?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=aLUfP?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwjl__vFn5SKAxUzcfEDHRCyHUgQj-0KCBc..i&ei=5IFTZ-X9FrPixc8PkOT2wAQ&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.GIjte-IWHrs.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ%2Fbr%3D1%2Frs%3DACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O%2Fck%3Dxjs.hd.GIjte-IWHrs.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw,_fmt:prog,_id:_5IFTZ-X9FrPixc8PkOT2wAQ_9 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=syt3,syt2,VsqSCc,sy1b0,P10Owf,sy19t,sy19r,sysh,gSZvdb,syyd,syyc,WlNQGd,sysl,sysj,sysi,sysg,DPreE,syyq,syyo,nabPbb,syy7,syy5,sylv,sypv,CnSW2d,kQvlef,syyp,fXO0xe?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=lOO0Vd,sy8l,P6sQOc?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=aLUfP?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=lOO0Vd,sy8l,P6sQOc?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=5IFTZ-X9FrPixc8PkOT2wAQ&zx=1733526005754&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: chromecache_142.1.dr, chromecache_160.1.dr

String found in binary or memory: var Ldc;_.Ndc=function(a){return Ldc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Mdc(a),hashtag:"#GoogleDoodle"})};_.Odc=function(a){return Ldc("https://twitter.com/intent/tweet",{text:a})};_.Pdc=function(a,b){return Ldc("mailto:",{subject:a,body:b})};_.Mdc=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};Ldc=function(a,b){var c=new _.vn,d;for(d in b)c.add(d,b[d]);a=new _.sh(a);_.tn(a,c);return a.toString()}; equals www.facebook.com (Facebook)

Source: chromecache_142.1.dr, chromecache_160.1.dr

String found in binary or memory: var Ldc;_.Ndc=function(a){return Ldc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Mdc(a),hashtag:"#GoogleDoodle"})};_.Odc=function(a){return Ldc("https://twitter.com/intent/tweet",{text:a})};_.Pdc=function(a,b){return Ldc("mailto:",{subject:a,body:b})};_.Mdc=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};Ldc=function(a,b){var c=new _.vn,d;for(d in b)c.add(d,b[d]);a=new _.sh(a);_.tn(a,c);return a.toString()}; equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.forms.office.net
Source: global traffic	DNS traffic detected: DNS query: hebelex.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com

Source: unknown

HTTP traffic detected: POST /report/Forms-PROD HTTP/1.1Host: csp.microsoft.comConnection: keep-aliveContent-Length: 1126Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1565Date: Fri, 06 Dec 2024 22:59:33 GMTAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_118.1.dr	String found in binary or memory: http://schema.org/WebPage
Source: chromecache_89.1.dr, chromecache_128.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_149.1.dr, chromecache_125.1.dr, chromecache_101.1.dr, chromecache_132.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_118.1.dr, chromecache_125.1.dr, chromecache_152.1.dr, chromecache_102.1.dr, chromecache_132.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_147.1.dr, chromecache_145.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.cachegroup-nerve.min.0b
Source: chromecache_133.1.dr, chromecache_123.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.1ds.8fd4115.js.ma
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.616.93becff.js.ma
Source: chromecache_143.1.dr, chromecache_103.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvheadertheme.7ef
Source: chromecache_158.1.dr, chromecache_137.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvtitlerender.55b
Source: chromecache_161.1.dr, chromecache_159.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.ir.cf39917.js.map
Source: chromecache_95.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.postsubmit.3275fe
Source: chromecache_94.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.quiz.4c32c58.js.m
Source: chromecache_107.1.dr, chromecache_124.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.vendors.aa37695.j
Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.min.c492e9d.js.map/e27b
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://cda-push-dev.sandbox.googleapis.com/upload/
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_98.1.dr	String found in binary or memory: https://content-push.googleapis.com/upload/
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://embeddedassistant-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAssistant/A
Source: chromecache_128.1.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_91.1.dr	String found in binary or memory: https://forms.office.com.
Source: chromecache_88.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_88.1.dr	String found in binary or memory: https://getbootstrap.com/docs/3.4/customize/)
Source: chromecache_157.1.dr, chromecache_97.1.dr	String found in binary or memory: https://github.com/SoapBox/linkifyjs
Source: chromecache_88.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_131.1.dr, chromecache_112.1.dr	String found in binary or memory: https://hebelex.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrMWplbGc9JnVpZD1VU0VSMDExMjIwMjRVNDYxMjAxNTc=N0123
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_114.1.dr, chromecache_120.1.dr	String found in binary or memory: https://lens.google.com/gen204
Source: chromecache_101.1.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/crupload
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/gsessionid
Source: chromecache_131.1.dr, chromecache_112.1.dr	String found in binary or memory: https://mfpembedcdnwus2.azureedge.net/mfpembedcontwus2/Embed.css
Source: chromecache_131.1.dr, chromecache_112.1.dr	String found in binary or memory: https://mfpembedcdnwus2.azureedge.net/mfpembedcontwus2/Embed.js
Source: chromecache_118.1.dr	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chromecache_118.1.dr	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chromecache_118.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chromecache_118.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout?prid=19040336
Source: chromecache_132.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_102.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://push.clients6.google.com/upload/
Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: chromecache_128.1.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_105.1.dr, chromecache_108.1.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_black_16dp.png)
Source: chromecache_105.1.dr, chromecache_108.1.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_white_16dp.png)
Source: chromecache_105.1.dr, chromecache_108.1.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2-light.png)
Source: chromecache_105.1.dr, chromecache_108.1.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2.png)
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_89.1.dr, chromecache_128.1.dr	String found in binary or memory: https://underscorejs.org
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://www.google.
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_118.1.dr	String found in binary or memory: https://www.google.com/_/og/promos/
Source: chromecache_118.1.dr	String found in binary or memory: https://www.google.com/intl/en/about/products
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_118.1.dr	String found in binary or memory: https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_s
Source: chromecache_102.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_102.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_118.1.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.b6tg1FFzATM.2019.O/rt=j/m=qabr
Source: chromecache_118.1.dr	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qcwid
Source: chromecache_98.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49892 version: TLS 1.2

System Summary

Source: classification engine

Classification label: mal80.phis.win@18/116@20/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2236,i,9668149860679051669,15055841091917555798,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2236,i,9668149860679051669,15055841091917555798,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: var dWa=function(a,b){var c;b=(c=b.ey)?a.Ga:a.Aa;a=_.fb(Object.values(c?a.ka:a.oa));for(c=a.next();!c.done;c=a.next())if(c=c.value,c.Pdb)b[c.name]=new DOMRect;else{var d=void 0,e=(d=c.element)==null?void 0:d.getBoundingClientRect();if(e.width===0||e.height===0)throw Error("Ad`"+c.name);b[c.name]=e}},eWa=function(a,b){var c;b=(c=b.ey)?a.La:a.Na;a=_.fb(Object.values(c?a.ka:a.oa));for(c=a.next();!c.done;c=a.next()){c=c.value;var d=c.element;b[c.name]={height:d.offsetHeight,width:d.offsetWidth}}},hWa= source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: for(var e=iWa(a,c,{ey:!1}),f=_.fb(Object.values(a.ka)),g=f.next();!g.done;g=f.next()){var h=g.value,k=h.name,l=c+"To"+_.YCa(k);g=k+"To"+_.YCa(c);h=h.Pdb;d||h?(a.LZ[l]=wVa,a.LZ[g]=wVa):(k=iWa(a,k,{ey:!0}),h=_.dta(e,k),a.LZ[l]=h,l=_.dta(k,e),a.LZ[g]=l)}}},iWa=function(a,b,c){var d=(c=c.ey)?a.La:a.Na;return{style:(c?a.Ma:a.Qa)[b],rect:(c?a.Ga:a.Aa)[b],WEa:_.ata((c?a.ka:a.oa)[b].element),offsetWidth:d[b].width,offsetHeight:d[b].height}},cWa=function(a,b){var c;b=(c=b.ey)?Object.values(a.ka):Object.values(a.oa); source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: var Seb=function(a){var b=function(d){_.yKa(d)&&(_.yKa(d).uc=null,_.deb(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])};_.ks=function(a){_.ds.call(this,a.Oa);var b=this,c=a.context.nvc;this.ka=c.JW;this.Af=this.wa=this.Ba=this.oa=null;this.Aa=a.service.Lg;this.Ga=a.service.t$c;a=this.ka.wa.then(function(d){b.oa=d;d=b.ka.id.C1b(d,b.ka.getParams());b.Ba=d.variant});c=c.fAb.then(function(d){b.wa=d});this.n$a=this.n$a.bind(this);this.Dq(_.$f([a,c]),_.Un)};_.G(_.ks,_.ds);_.ks.Ha=function(){return{context:{nvc:"FVxLkf"},service:{Lg:_.as,component:_.fs,t$c:_.Pdb}}};_.m=_.ks.prototype;_.m.Xl=function(){return""};_.m.ks=function(){return!1}; source: chromecache_114.1.dr, chromecache_120.1.dr
Source:	Binary string: function(a,b){b=b.ey;var c,d;if(!(b?(c=a.options.Sib)==null?0:c.end:(d=a.options.Sib)==null?0:d.start)){c=b?a.Ia:a.Ba;d=b?a.ka:a.oa;a=Array.from(Object.values(d)).filter(function(g){return!g.Xca}).map(function(g){return g.element});a=_.kta(a).gyb();b=0;d=_.fb(Object.entries(d));for(var e=d.next();!e.done;e=d.next()){e=_.fb(e.value);var f=e.next().value;e.next().value.Xca||(c[f]=a[b++])}}},fWa=function(a){for(var b=_.fb(Object.values(a.oa)),c=b.next();!c.done;c=b.next()){var d=c.value;c=d.name;d=d.Pdb; source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: $Va=function(a){var b=[];a=_.fb(a);for(var c=a.next();!c.done;c=a.next()){c=c.value;if(typeof c.element==="string"){var d=_.Mg().document.querySelector(c.element);c.element=d}c.Pdb=_.Mg().getComputedStyle(c.element).display==="none";b.push(c)}return b};_.gWa=function(a,b){b=(b===void 0?{}:b).ey;if(!_.sta)throw Error("zd");cWa(a,{ey:b});a.kYa({ey:b});dWa(a,{ey:b});eWa(a,{ey:b});b&&fWa(a)}; source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: _.Pdb=new _.re(_.p4a); source: chromecache_114.1.dr, chromecache_120.1.dr
Source:	Binary string: _.iv=function(a){this.Ea=_.n(a)};_.G(_.iv,_.r);_.iv.prototype.getTitle=function(){return _.D(this,3)};_.iv.prototype.setTitle=function(a){return _.Df(this,3,a)};_.iv.prototype.Dd=function(){return _.sj(this,3)};_.iv.prototype.hb="DxxfTc";_.oDb=function(a){this.Ea=_.n(a)};_.G(_.oDb,_.r);_.pDb=function(a){this.Ea=_.n(a)};_.G(_.pDb,_.r);_.pDb.prototype.hb="hMCPXc";_.qDb=function(a){this.Ea=_.n(a)};_.G(_.qDb,_.r);_.qDb.prototype.hb="LT4Byf";new _.Eg(_.pDb);new _.Eg(_.qDb);_.fp.LT4Byf=function(a){return _.gp(_.hp(_.t(a,_.iv,1))).toString()};_.tq(_.qDb,_.iv,function(a){a=_.t(a,_.iv,1);return a!=null?[a]:[]});_.rDb=new _.ig("uZoEG",_.qDb,_.pDb,[_.oq,!0,_.pq,"/MerchantProfileService.GetActionGroup"]); source: chromecache_121.1.dr, chromecache_98.1.dr

Malware Analysis System Evasion

Source: chromecache_88.1.dr

Binary or memory string: '}.ms-Icon--ConnectVirtualMachine::before{content:'