Play interactive tourEdit tour

Windows Analysis Report
https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u

Overview

General Information

Sample URL:	https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u
Analysis ID:	1570418
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

Yara detected HtmlPhish29

AI detected landing page (webpage, office document or email)

Phishing site or detected (based on various text indicators)

Detected suspicious crossdomain redirect

HTML page contains hidden javascript code

Classification

×

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://hebelex.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrMWplbGc9JnVpZD1VU0VSMDExMjIwMjRVNDYxMjAxNTc=N0123	Avira URL Cloud: Label: phishing
Source: https://hebelex.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrMWplbGc9JnVpZD1VU0VSMDExMjIwMjRVNDYxMjAxNTc=N0123N[EMAIL]	Avira URL Cloud: Label: phishing

Phishing

Yara detected HtmlPhish29

Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u

Joe Sandbox AI: Page contains button: 'VIEW DOCUMENT HERE' Source: '1.2.pages.csv'

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 1.3

OCR Text: New PDF Document Received Received on Friday, Dec 6 2024 You've received (2) PDF Documents for your review VIEW DOCUMENT HERE

HTML page contains hidden javascript code

Source: https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u

HTTP Parser: Base64 decoded: sv=o365_1_nom&rand=Vk1jelg=&uid=USER01122024U46120157

HTML page is missing a favicon

Source: https://google.com/404/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49892 version: TLS 1.2

Binary contains paths to debug symbols

Source:	Binary string: var dWa=function(a,b){var c;b=(c=b.ey)?a.Ga:a.Aa;a=_.fb(Object.values(c?a.ka:a.oa));for(c=a.next();!c.done;c=a.next())if(c=c.value,c.Pdb)b[c.name]=new DOMRect;else{var d=void 0,e=(d=c.element)==null?void 0:d.getBoundingClientRect();if(e.width===0||e.height===0)throw Error("Ad`"+c.name);b[c.name]=e}},eWa=function(a,b){var c;b=(c=b.ey)?a.La:a.Na;a=_.fb(Object.values(c?a.ka:a.oa));for(c=a.next();!c.done;c=a.next()){c=c.value;var d=c.element;b[c.name]={height:d.offsetHeight,width:d.offsetWidth}}},hWa= source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: for(var e=iWa(a,c,{ey:!1}),f=_.fb(Object.values(a.ka)),g=f.next();!g.done;g=f.next()){var h=g.value,k=h.name,l=c+"To"+_.YCa(k);g=k+"To"+_.YCa(c);h=h.Pdb;d||h?(a.LZ[l]=wVa,a.LZ[g]=wVa):(k=iWa(a,k,{ey:!0}),h=_.dta(e,k),a.LZ[l]=h,l=_.dta(k,e),a.LZ[g]=l)}}},iWa=function(a,b,c){var d=(c=c.ey)?a.La:a.Na;return{style:(c?a.Ma:a.Qa)[b],rect:(c?a.Ga:a.Aa)[b],WEa:_.ata((c?a.ka:a.oa)[b].element),offsetWidth:d[b].width,offsetHeight:d[b].height}},cWa=function(a,b){var c;b=(c=b.ey)?Object.values(a.ka):Object.values(a.oa); source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: var Seb=function(a){var b=function(d){_.yKa(d)&&(_.yKa(d).uc=null,_.deb(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])};_.ks=function(a){_.ds.call(this,a.Oa);var b=this,c=a.context.nvc;this.ka=c.JW;this.Af=this.wa=this.Ba=this.oa=null;this.Aa=a.service.Lg;this.Ga=a.service.t$c;a=this.ka.wa.then(function(d){b.oa=d;d=b.ka.id.C1b(d,b.ka.getParams());b.Ba=d.variant});c=c.fAb.then(function(d){b.wa=d});this.n$a=this.n$a.bind(this);this.Dq(_.$f([a,c]),_.Un)};_.G(_.ks,_.ds);_.ks.Ha=function(){return{context:{nvc:"FVxLkf"},service:{Lg:_.as,component:_.fs,t$c:_.Pdb}}};_.m=_.ks.prototype;_.m.Xl=function(){return""};_.m.ks=function(){return!1}; source: chromecache_114.1.dr, chromecache_120.1.dr
Source:	Binary string: function(a,b){b=b.ey;var c,d;if(!(b?(c=a.options.Sib)==null?0:c.end:(d=a.options.Sib)==null?0:d.start)){c=b?a.Ia:a.Ba;d=b?a.ka:a.oa;a=Array.from(Object.values(d)).filter(function(g){return!g.Xca}).map(function(g){return g.element});a=_.kta(a).gyb();b=0;d=_.fb(Object.entries(d));for(var e=d.next();!e.done;e=d.next()){e=_.fb(e.value);var f=e.next().value;e.next().value.Xca||(c[f]=a[b++])}}},fWa=function(a){for(var b=_.fb(Object.values(a.oa)),c=b.next();!c.done;c=b.next()){var d=c.value;c=d.name;d=d.Pdb; source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: $Va=function(a){var b=[];a=_.fb(a);for(var c=a.next();!c.done;c=a.next()){c=c.value;if(typeof c.element==="string"){var d=_.Mg().document.querySelector(c.element);c.element=d}c.Pdb=_.Mg().getComputedStyle(c.element).display==="none";b.push(c)}return b};_.gWa=function(a,b){b=(b===void 0?{}:b).ey;if(!_.sta)throw Error("zd");cWa(a,{ey:b});a.kYa({ey:b});dWa(a,{ey:b});eWa(a,{ey:b});b&&fWa(a)}; source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: _.Pdb=new _.re(_.p4a); source: chromecache_114.1.dr, chromecache_120.1.dr
Source:	Binary string: _.iv=function(a){this.Ea=_.n(a)};_.G(_.iv,_.r);_.iv.prototype.getTitle=function(){return _.D(this,3)};_.iv.prototype.setTitle=function(a){return _.Df(this,3,a)};_.iv.prototype.Dd=function(){return _.sj(this,3)};_.iv.prototype.hb="DxxfTc";_.oDb=function(a){this.Ea=_.n(a)};_.G(_.oDb,_.r);_.pDb=function(a){this.Ea=_.n(a)};_.G(_.pDb,_.r);_.pDb.prototype.hb="hMCPXc";_.qDb=function(a){this.Ea=_.n(a)};_.G(_.qDb,_.r);_.qDb.prototype.hb="LT4Byf";new _.Eg(_.pDb);new _.Eg(_.qDb);_.fp.LT4Byf=function(a){return _.gp(_.hp(_.t(a,_.iv,1))).toString()};_.tq(_.qDb,_.iv,function(a){a=_.t(a,_.iv,1);return a!=null?[a]:[]});_.rDb=new _.ig("uZoEG",_.qDb,_.pDb,[_.oq,!0,_.pq,"/MerchantProfileService.GetActionGroup"]); source: chromecache_121.1.dr, chromecache_98.1.dr

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.4:49795 -> 78.157.38.110:443

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: hebelex.com to https://google.com/404/

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F22gZ4uPbOgwPOO&MD=PR2up9l9 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrMWplbGc9JnVpZD1VU0VSMDExMjIwMjRVNDYxMjAxNTc=N0123N[EMAIL] HTTP/1.1Host: hebelex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://customervoice.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /404/ HTTP/1.1Host: google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://customervoice.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/d=1/ed=1/br=1/rs=ACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBCAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=1/ed=1/dg=3/br=1/rs=ACT90oHKc4CHb1aRmL99E66PM2KpJyxHoQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;Uvc8o:VDovNc;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb,yDVVkb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x8
Source: global traffic	HTTP traffic detected: GET /async/hpba?yv=3&cs=0&ei=5IFTZ-X9FrPixc8PkOT2wAQ&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/dg%3D0/br%3D1/rs%3DACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw,_basecss:/xjs/_/ss/k%3Dxjs.hd.GIjte-IWHrs.L.B1.O/am%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/br%3D1/rs%3DACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O/ck%3Dxjs.hd.GIjte-IWHrs.L.B1.O/am%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw,_fmt:prog,_id:_5IFTZ-X9FrPixc8PkOT2wAQ_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjl__vFn5SKAxUzcfEDHRCyHUgQj-0KCBY..i HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F22gZ4uPbOgwPOO&MD=PR2up9l9 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=5IFTZ-X9FrPixc8PkOT2wAQ.1733525994188&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/ck=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/ujg=1/rs=ACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw/m=B2qlPe,syuc,NzU6V,syyv,sygk,zGLm3b,syvw,syvx,syvn,DhPYme,syy1,syxw,syxz,syxy,sywg,sywh,syxx,syxu,syxv,KHourd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,oGtAuc,NTMZac,nAFL3,sy7q,sy7p,q0xTif,y05UD,sy12h,sy18x,sy18r,syx2,sy18k,syx1,syx0,sywz,sy18q,sy13r,sy18h,sy13v,sy18p,sy12d,sy18l,syh1,sy13w,sy18s,sy124,sy18o,sy18m,sy18n,sy18u,sy18c,sy18i,sy18b,sy18g,sy18d,sy188,sy14r,sy13y,sy13z,syx7,syx8,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /async/hpba?yv=3&cs=0&ei=5IFTZ-X9FrPixc8PkOT2wAQ&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/dg%3D0/br%3D1/rs%3DACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw,_basecss:/xjs/_/ss/k%3Dxjs.hd.GIjte-IWHrs.L.B1.O/am%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/br%3D1/rs%3DACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O/ck%3Dxjs.hd.GIjte-IWHrs.L.B1.O/am%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw,_fmt:prog,_id:_5IFTZ-X9FrPixc8PkOT2wAQ_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjl__vFn5SKAxUzcfEDHRCyHUgQj-0KCBY..i HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBCAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=1/ed=1/dg=3/br=1/rs=ACT90oHKc4CHb1aRmL99E66PM2KpJyxHoQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;Uvc8o:VDovNc;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb,yDVVkb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetc
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBCAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/rs=ACT90oHKc4CHb1aRmL99E66PM2KpJyxHoQ HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /gen_204?s=async&astyp=hpba&atyp=csi&ei=6YFTZ6uPL-KCxc8PpI3QiQQ&rt=ipf.0,ipfr.2624,ttfb.2624,st.2624,acrt.2625,ipfrl.2625,aaft.2625,art.2625,ns.-5319&ns=1733525985758&twt=0.8999999999941792&mwt=0.8999999999941792 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/ck=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/ujg=1/rs=ACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw/m=sb_wiz,aa,abd,sy17j,syfv,syfm,syfk,syfl,syfn,syfw,syfx,syfr,syfs,syfq,syfp,syem,syfo,syfe,syfd,syff,syfc,syfh,sy16e,syg7,sy17h,syyj,syg6,syg5,syg4,async,ifl,pHXghd,sf,syie,sy3jo,sonic,sy3ju,syhk,syh0,sy3j6,sy3j9,sy267,sye0,sy9x,sy9i,sy9h,sy9f,spch,sytg,sytf,rtH1bd,sy19e,sy15h,sy14y,sy127,syd9,sy19d,SMquOb,sy8a,sy89,sy88,syf0,syf9,syf7,syf6,syez,syex,syev,sy83,sy80,sy82,syeu,syey,syet,sybg,sybb,sybe,syam,syas,syal,syak,syaj,sya7,sybc,syb0,syb1,syb7,syaq,syb6,syaz,syaw,syah,syao,syb2,sya9,syab,syac,sya8,syar,syag,syad,sybj,sya3,sya0,sybi,sy9s,sy9k,sy9n,sy9z,sya6,syb3,syes,syer,syeo,syen,sy86,uxMpU,syej,sybq,sybo,sybk,syau,sybm,sybh,sy8q,sy8p,sy8o,sy8n,Mlhmy,QGR0gd,aurFic,sy8z,fKUV3e,OTA3Ae,sy8b,OmgaI,EEDORb,PoEs9b,Pjplud,sy8k,A1yn5d,YIZmRd,uY49fb,sy7y,sy7w,sy7u,sy7v,sy7t,sy7s,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,sy8y,sy91,sy85,xUdipf,NwH0H,gychg,ZfAoz,yDVVkb,qafBPd,ebZ3mb,dowIGb,sy19h,sy19f,syxg,sytl,d5EhJe,sy19y,fCxEDd,syur,sy19x,sy19w,sy19v,sy19o,sy19l,sy19m,sy176,sy170,syx4,syx3,T1HOxc,sy19n,sy19k,zx30Y,sy1a0,sy19z,sy19s,sy15t,Wo3n8,sysx,loL8vb,syt1,syt0,sysz,ms4mZb,syrz?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=5IFTZ-X9FrPixc8PkOT2wAQ.1733525994188&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1280&bih=907&ei=5IFTZ-X9FrPixc8PkOT2wAQ&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBCAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/rs=ACT90oHKc4CHb1aRmL99E66PM2KpJyxHoQ HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/ck=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/ujg=1/rs=ACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw/m=B2qlPe,syuc,NzU6V,syyv,sygk,zGLm3b,syvw,syvx,syvn,DhPYme,syy1,syxw,syxz,syxy,sywg,sywh,syxx,syxu,syxv,KHourd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,oGtAuc,NTMZac,nAFL3,sy7q,sy7p,q0xTif,y05UD,sy12h,sy18x,sy18r,syx2,sy18k,syx1,syx0,sywz,sy18q,sy13r,sy18h,sy13v,sy18p,sy12d,sy18l,syh1,sy13w,sy18s,sy124,sy18o,sy18m,sy18n,sy18u,sy18c,sy18i,sy18b,sy18g,sy18d,sy188,sy14r,sy13y,sy13z,syx7,syx8,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/d=0/br=1/rs=ACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg/m=sylv,sypv?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; NID=519=cKE8ESpEkfiyb3NHg_VAt4DqSbTLBmeKqVrsnLI4BZ2wDu9xEJnoch8bA6Xotd7lA8e0bfCd5GZkaPmjBY0xGs44XhzrZLh-cWrInMY2DErvVoTvw52-tnIZv6SpRqxtPeyQg99kwGtW3FgO1ZMmXDcOsISH1Gx3DWI_Yak376StL1YzCIumvIXdAwoRElv5vZPx7os; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=syt3,syt2,VsqSCc,sy1b0,P10Owf,sy19t,sy19r,sysh,gSZvdb,syyd,syyc,WlNQGd,sysl,sysj,sysi,sysg,DPreE,syyq,syyo,nabPbb,syy7,syy5,sylv,sypv,CnSW2d,kQvlef,syyp,fXO0xe?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwjl__vFn5SKAxUzcfEDHRCyHUgQj-0KCBc..i&ei=5IFTZ-X9FrPixc8PkOT2wAQ&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.GIjte-IWHrs.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ%2Fbr%3D1%2Frs%3DACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O%2Fck%3Dxjs.hd.GIjte-IWHrs.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw,_fmt:prog,_id:_5IFTZ-X9FrPixc8PkOT2wAQ_9 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/ck=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/ujg=1/rs=ACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw/m=sb_wiz,aa,abd,sy17j,syfv,syfm,syfk,syfl,syfn,syfw,syfx,syfr,syfs,syfq,syfp,syem,syfo,syfe,syfd,syff,syfc,syfh,sy16e,syg7,sy17h,syyj,syg6,syg5,syg4,async,ifl,pHXghd,sf,syie,sy3jo,sonic,sy3ju,syhk,syh0,sy3j6,sy3j9,sy267,sye0,sy9x,sy9i,sy9h,sy9f,spch,sytg,sytf,rtH1bd,sy19e,sy15h,sy14y,sy127,syd9,sy19d,SMquOb,sy8a,sy89,sy88,syf0,syf9,syf7,syf6,syez,syex,syev,sy83,sy80,sy82,syeu,syey,syet,sybg,sybb,sybe,syam,syas,syal,syak,syaj,sya7,sybc,syb0,syb1,syb7,syaq,syb6,syaz,syaw,syah,syao,syb2,sya9,syab,syac,sya8,syar,syag,syad,sybj,sya3,sya0,sybi,sy9s,sy9k,sy9n,sy9z,sya6,syb3,syes,syer,syeo,syen,sy86,uxMpU,syej,sybq,sybo,sybk,syau,sybm,sybh,sy8q,sy8p,sy8o,sy8n,Mlhmy,QGR0gd,aurFic,sy8z,fKUV3e,OTA3Ae,sy8b,OmgaI,EEDORb,PoEs9b,Pjplud,sy8k,A1yn5d,YIZmRd,uY49fb,sy7y,sy7w,sy7u,sy7v,sy7t,sy7s,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,sy8y,sy91,sy85,xUdipf,NwH0H,gychg,ZfAoz,yDVVkb,qafBPd,ebZ3mb,dowIGb,sy19h,sy19f,syxg,sytl,d5EhJe,sy19y,fCxEDd,syur,sy19x,sy19w,sy19v,sy19o,sy19l,sy19m,sy176,sy170,syx4,syx3,T1HOxc,sy19n,sy19k,zx30Y,sy1a0,sy19z,sy19s,sy15t,Wo3n8,sysx,loL8vb,syt1,syt0,sysz,ms4mZb,syrz?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.GIjte-IWHrs.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ/d=0/br=1/rs=ACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg/m=sylv,sypv?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=eu2Gyrn3N3MOt4QbqLWmagXh5Nx3UV8bAJF69lt02qvxtEbE281G88E9I8m5TgCjxd3W5wTNFuBxSo_pw59Jv5GugBMIeEDq98zBwOGDMoZR-8ZrPMx8OXe_Sk4ldBQr7xZDJ3w5MgmkhLldnX_CYK_ZoYTMpnHeKZzGXYGYsXMfcuxYqaf601Afz10zm160HqSfqV7owPDXo6M
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=aLUfP?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwjl__vFn5SKAxUzcfEDHRCyHUgQj-0KCBc..i&ei=5IFTZ-X9FrPixc8PkOT2wAQ&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.GIjte-IWHrs.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBCAAAgAEAIIIABYAQAABABlAAAUACAAoAAAABAYBZAAAjIAUAKQ0AEIAAoEACAAIAAYQAYNgagARAEAAAAAAAAAQAAAAMAQAAIBADoAAsAAEAkAgOhBAAAAAABBAABMAIAhYAACAAAAAAAAZAAAAABDCggAAAAAAAAAAAAAAAAAEARDAQAFAQAAAAAAAAAAAAAAAAAAINAEAQ%2Fbr%3D1%2Frs%3DACT90oFquIML8jLVPHp_hhsxAB2YdT2MTg,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.brSQqmIyEoA.es5.O%2Fck%3Dxjs.hd.GIjte-IWHrs.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBCAIAgAEAIIIABYAQAgHABlAAAUACAAoQA8yhQYBZgAAjIAUAKQ2AEIAApEACAAIAAYQAYNgagARAEAACAAAAAAQAAAAMCQAAIBADoAAsAAEAkAgOhBAAAAAABBAAJOAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEFAQgAAAAAAAAAAAAAAAAAINLEhQ0%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oH99z7wz2W2LSh92E5K-SKv-I3eJw,_fmt:prog,_id:_5IFTZ-X9FrPixc8PkOT2wAQ_9 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=syt3,syt2,VsqSCc,sy1b0,P10Owf,sy19t,sy19r,sysh,gSZvdb,syyd,syyc,WlNQGd,sysl,sysj,sysi,sysg,DPreE,syyq,syyo,nabPbb,syy7,syy5,sylv,sypv,CnSW2d,kQvlef,syyp,fXO0xe?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=lOO0Vd,sy8l,P6sQOc?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=aLUfP?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.brSQqmIyEoA.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAIAgAAAIAAABYAAAgGAAEAAAQAAAAAQA8yhQABIgAAAAAAAIACAAIAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAECAAAAAAAAAAAAAAAEAAOgBAAAAAAAAAAICAIAhYAACAAAAAAAAfQAQPABDCgsAAAAAAAAAAAAAAAABEgRzIQEBAQgAAAAAAAAAAAAAAAAAINLEhQ0/d=0/dg=0/br=1/rs=ACT90oGWUewsyosaN1DkneiuW_Oyh4gJTw/m=lOO0Vd,sy8l,P6sQOc?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=5IFTZ-X9FrPixc8PkOT2wAQ&zx=1733526005754&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Vtwhn2PfA0TjGEwbqeRCCwgaXbwfGxXAa2C4W5sjxRehkanbk7AA; OGPC=19037049-1:; NID=519=wEbWW_Uw2BWggeZtilFfIr6nPzoMNypup4H0XEE-eoqoPnvjZP-s1NS9UMsQkN9ZpreJEmWEBtfLJpCdjypJABWXFQ-H_dDbL6l64Zr2b-t5zLU-KotztCMZDKbPLV6Q19OOt62F0x5-ugHnXuvi5ZrpGvpDp0ItB6LRtQ6Qz9QE5gEpw-4lckQF2rZeFqv5swiJokPj8dng7zF9nmySVslxhg
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Found strings which match to known social media urls

Source: chromecache_142.1.dr, chromecache_160.1.dr

String found in binary or memory: var Ldc;_.Ndc=function(a){return Ldc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Mdc(a),hashtag:"#GoogleDoodle"})};_.Odc=function(a){return Ldc("https://twitter.com/intent/tweet",{text:a})};_.Pdc=function(a,b){return Ldc("mailto:",{subject:a,body:b})};_.Mdc=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};Ldc=function(a,b){var c=new _.vn,d;for(d in b)c.add(d,b[d]);a=new _.sh(a);_.tn(a,c);return a.toString()}; equals www.facebook.com (Facebook)

Source: chromecache_142.1.dr, chromecache_160.1.dr

String found in binary or memory: var Ldc;_.Ndc=function(a){return Ldc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Mdc(a),hashtag:"#GoogleDoodle"})};_.Odc=function(a){return Ldc("https://twitter.com/intent/tweet",{text:a})};_.Pdc=function(a,b){return Ldc("mailto:",{subject:a,body:b})};_.Mdc=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};Ldc=function(a,b){var c=new _.vn,d;for(d in b)c.add(d,b[d]);a=new _.sh(a);_.tn(a,c);return a.toString()}; equals www.twitter.com (Twitter)

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.forms.office.net
Source: global traffic	DNS traffic detected: DNS query: hebelex.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /report/Forms-PROD HTTP/1.1Host: csp.microsoft.comConnection: keep-aliveContent-Length: 1126Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1565Date: Fri, 06 Dec 2024 22:59:33 GMTAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

URLs found in memory or binary data

Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_118.1.dr	String found in binary or memory: http://schema.org/WebPage
Source: chromecache_89.1.dr, chromecache_128.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_149.1.dr, chromecache_125.1.dr, chromecache_101.1.dr, chromecache_132.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_118.1.dr, chromecache_125.1.dr, chromecache_152.1.dr, chromecache_102.1.dr, chromecache_132.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_147.1.dr, chromecache_145.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.cachegroup-nerve.min.0b
Source: chromecache_133.1.dr, chromecache_123.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.1ds.8fd4115.js.ma
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.616.93becff.js.ma
Source: chromecache_143.1.dr, chromecache_103.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvheadertheme.7ef
Source: chromecache_158.1.dr, chromecache_137.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvtitlerender.55b
Source: chromecache_161.1.dr, chromecache_159.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.ir.cf39917.js.map
Source: chromecache_95.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.postsubmit.3275fe
Source: chromecache_94.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.quiz.4c32c58.js.m
Source: chromecache_107.1.dr, chromecache_124.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.vendors.aa37695.j
Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.min.c492e9d.js.map/e27b
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://cda-push-dev.sandbox.googleapis.com/upload/
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_98.1.dr	String found in binary or memory: https://content-push.googleapis.com/upload/
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://embeddedassistant-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAssistant/A
Source: chromecache_128.1.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_91.1.dr	String found in binary or memory: https://forms.office.com.
Source: chromecache_88.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_88.1.dr	String found in binary or memory: https://getbootstrap.com/docs/3.4/customize/)
Source: chromecache_157.1.dr, chromecache_97.1.dr	String found in binary or memory: https://github.com/SoapBox/linkifyjs
Source: chromecache_88.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_131.1.dr, chromecache_112.1.dr	String found in binary or memory: https://hebelex.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrMWplbGc9JnVpZD1VU0VSMDExMjIwMjRVNDYxMjAxNTc=N0123
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_114.1.dr, chromecache_120.1.dr	String found in binary or memory: https://lens.google.com/gen204
Source: chromecache_101.1.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/crupload
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/gsessionid
Source: chromecache_131.1.dr, chromecache_112.1.dr	String found in binary or memory: https://mfpembedcdnwus2.azureedge.net/mfpembedcontwus2/Embed.css
Source: chromecache_131.1.dr, chromecache_112.1.dr	String found in binary or memory: https://mfpembedcdnwus2.azureedge.net/mfpembedcontwus2/Embed.js
Source: chromecache_118.1.dr	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chromecache_118.1.dr	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chromecache_118.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chromecache_118.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout?prid=19040336
Source: chromecache_132.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_102.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://push.clients6.google.com/upload/
Source: chromecache_134.1.dr, chromecache_122.1.dr	String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: chromecache_128.1.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_111.1.dr, chromecache_99.1.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_105.1.dr, chromecache_108.1.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_black_16dp.png)
Source: chromecache_105.1.dr, chromecache_108.1.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_white_16dp.png)
Source: chromecache_105.1.dr, chromecache_108.1.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2-light.png)
Source: chromecache_105.1.dr, chromecache_108.1.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2.png)
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_89.1.dr, chromecache_128.1.dr	String found in binary or memory: https://underscorejs.org
Source: chromecache_152.1.dr, chromecache_102.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://www.google.
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_118.1.dr	String found in binary or memory: https://www.google.com/_/og/promos/
Source: chromecache_118.1.dr	String found in binary or memory: https://www.google.com/intl/en/about/products
Source: chromecache_149.1.dr, chromecache_101.1.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_121.1.dr, chromecache_98.1.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_118.1.dr	String found in binary or memory: https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_s
Source: chromecache_102.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_102.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_125.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_118.1.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.b6tg1FFzATM.2019.O/rt=j/m=qabr
Source: chromecache_118.1.dr	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qcwid
Source: chromecache_98.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49892 version: TLS 1.2

System Summary

Classification label

Source: classification engine

Classification label: mal80.phis.win@18/116@20/8

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2236,i,9668149860679051669,15055841091917555798,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=71STY9b6g0G2TUGL0emS8wWPU1E0zmFNnR9SsYf1SC9UREdRTE8xR1FQUFdYSk5WRlZXQ0ZJSlg4NS4u"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2236,i,9668149860679051669,15055841091917555798,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Binary contains paths to debug symbols

Source:	Binary string: var dWa=function(a,b){var c;b=(c=b.ey)?a.Ga:a.Aa;a=_.fb(Object.values(c?a.ka:a.oa));for(c=a.next();!c.done;c=a.next())if(c=c.value,c.Pdb)b[c.name]=new DOMRect;else{var d=void 0,e=(d=c.element)==null?void 0:d.getBoundingClientRect();if(e.width===0||e.height===0)throw Error("Ad`"+c.name);b[c.name]=e}},eWa=function(a,b){var c;b=(c=b.ey)?a.La:a.Na;a=_.fb(Object.values(c?a.ka:a.oa));for(c=a.next();!c.done;c=a.next()){c=c.value;var d=c.element;b[c.name]={height:d.offsetHeight,width:d.offsetWidth}}},hWa= source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: for(var e=iWa(a,c,{ey:!1}),f=_.fb(Object.values(a.ka)),g=f.next();!g.done;g=f.next()){var h=g.value,k=h.name,l=c+"To"+_.YCa(k);g=k+"To"+_.YCa(c);h=h.Pdb;d||h?(a.LZ[l]=wVa,a.LZ[g]=wVa):(k=iWa(a,k,{ey:!0}),h=_.dta(e,k),a.LZ[l]=h,l=_.dta(k,e),a.LZ[g]=l)}}},iWa=function(a,b,c){var d=(c=c.ey)?a.La:a.Na;return{style:(c?a.Ma:a.Qa)[b],rect:(c?a.Ga:a.Aa)[b],WEa:_.ata((c?a.ka:a.oa)[b].element),offsetWidth:d[b].width,offsetHeight:d[b].height}},cWa=function(a,b){var c;b=(c=b.ey)?Object.values(a.ka):Object.values(a.oa); source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: var Seb=function(a){var b=function(d){_.yKa(d)&&(_.yKa(d).uc=null,_.deb(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])};_.ks=function(a){_.ds.call(this,a.Oa);var b=this,c=a.context.nvc;this.ka=c.JW;this.Af=this.wa=this.Ba=this.oa=null;this.Aa=a.service.Lg;this.Ga=a.service.t$c;a=this.ka.wa.then(function(d){b.oa=d;d=b.ka.id.C1b(d,b.ka.getParams());b.Ba=d.variant});c=c.fAb.then(function(d){b.wa=d});this.n$a=this.n$a.bind(this);this.Dq(_.$f([a,c]),_.Un)};_.G(_.ks,_.ds);_.ks.Ha=function(){return{context:{nvc:"FVxLkf"},service:{Lg:_.as,component:_.fs,t$c:_.Pdb}}};_.m=_.ks.prototype;_.m.Xl=function(){return""};_.m.ks=function(){return!1}; source: chromecache_114.1.dr, chromecache_120.1.dr
Source:	Binary string: function(a,b){b=b.ey;var c,d;if(!(b?(c=a.options.Sib)==null?0:c.end:(d=a.options.Sib)==null?0:d.start)){c=b?a.Ia:a.Ba;d=b?a.ka:a.oa;a=Array.from(Object.values(d)).filter(function(g){return!g.Xca}).map(function(g){return g.element});a=_.kta(a).gyb();b=0;d=_.fb(Object.entries(d));for(var e=d.next();!e.done;e=d.next()){e=_.fb(e.value);var f=e.next().value;e.next().value.Xca||(c[f]=a[b++])}}},fWa=function(a){for(var b=_.fb(Object.values(a.oa)),c=b.next();!c.done;c=b.next()){var d=c.value;c=d.name;d=d.Pdb; source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: $Va=function(a){var b=[];a=_.fb(a);for(var c=a.next();!c.done;c=a.next()){c=c.value;if(typeof c.element==="string"){var d=_.Mg().document.querySelector(c.element);c.element=d}c.Pdb=_.Mg().getComputedStyle(c.element).display==="none";b.push(c)}return b};_.gWa=function(a,b){b=(b===void 0?{}:b).ey;if(!_.sta)throw Error("zd");cWa(a,{ey:b});a.kYa({ey:b});dWa(a,{ey:b});eWa(a,{ey:b});b&&fWa(a)}; source: chromecache_149.1.dr, chromecache_101.1.dr
Source:	Binary string: _.Pdb=new _.re(_.p4a); source: chromecache_114.1.dr, chromecache_120.1.dr
Source:	Binary string: _.iv=function(a){this.Ea=_.n(a)};_.G(_.iv,_.r);_.iv.prototype.getTitle=function(){return _.D(this,3)};_.iv.prototype.setTitle=function(a){return _.Df(this,3,a)};_.iv.prototype.Dd=function(){return _.sj(this,3)};_.iv.prototype.hb="DxxfTc";_.oDb=function(a){this.Ea=_.n(a)};_.G(_.oDb,_.r);_.pDb=function(a){this.Ea=_.n(a)};_.G(_.pDb,_.r);_.pDb.prototype.hb="hMCPXc";_.qDb=function(a){this.Ea=_.n(a)};_.G(_.qDb,_.r);_.qDb.prototype.hb="LT4Byf";new _.Eg(_.pDb);new _.Eg(_.qDb);_.fp.LT4Byf=function(a){return _.gp(_.hp(_.t(a,_.iv,1))).toString()};_.tq(_.qDb,_.iv,function(a){a=_.t(a,_.iv,1);return a!=null?[a]:[]});_.rDb=new _.ig("uZoEG",_.qDb,_.pDb,[_.oq,!0,_.pq,"/MerchantProfileService.GetActionGroup"]); source: chromecache_121.1.dr, chromecache_98.1.dr

Malware Analysis System Evasion

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Source: chromecache_88.1.dr

Binary or memory string: '}.ms-Icon--ConnectVirtualMachine::before{content:'