Windows Analysis Report
https://www.google.com.bo/url?url=https://lquoytskrlgpgnui&xwi=kbuzszc&lvndxc=qgp&exsci=jlrwlq&cgr=rfzonuz&hkxqn=tjdkfz&nfxv=nflxzvbj&cqfuqhbsmm=dlqdymgwer&q=amp/dobngcx.ty%c2%adtu%c2%admfqzuu%c2%adtde%c2%add%c2%adh%c2%ad.com/vd4wjea7t&svtx=qlrshkg&ugahrok=gkmn&hrsst=xtcvsi&ozefmvx=wgg

Overview

General Information

Sample URL:	https://www.google.com.bo/url?url=https://lquoytskrlgpgnui&xwi=kbuzszc&lvndxc=qgp&exsci=jlrwlq&cgr=rfzonuz&hkxqn=tjdkfz&nfxv=nflxzvbj&cqfuqhbsmm=dlqdymgwer&q=amp/dobngcx.ty%c2%adtu%c2%admfqzuu%c2%adtd
Analysis ID:	1528827
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML page contains obfuscated javascript

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

HTML page contains obfuscated javascript

Source: https://www.google.com/

HTTP Parser: (function()

Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49790 version: TLS 1.2

Source:	Binary string: _.ndb=function(a,b,c,d){_.eoa()&&_.foa.get(a)&&(a=_.Te.get(a),!c&&b&&(c=_.Ue(b)),_.Je(b\|\|document.body,a,{element:b,dataset:c,event:d,jL:void 0,nxb:!0}))};_.odb=function(a,b,c){_.Xga(a,c);return _.tb(a,2,_.Wea(b),_.La())};_.pdb=function(a){return a.previousElementSibling!==void 0?a.previousElementSibling:_.wAa(a.previousSibling,!1)};qdb=function(a,b,c,d,e,f,g){_.cm.call(this,a);this.clientX=c;this.clientY=d;this.left=f!==void 0?f:b.deltaX;this.top=g!==void 0?g:b.deltaY;this.ka=b};_.hh(qdb,_.cm); source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: _.pDb=_.J("zbW2Cf");_.qDb=_.J("OZ3M7e"); source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: [];f=JNb(f,c);!f&&b&&(b=e?a.slice(0,d):a,f=JNb(b,c));return f},LNb=function(a,b){for(var c=a.length-1;c>=0;c--){var d=a[c];if(_.XLb(d,b))return d}},MNb=function(a,b){var c=b===void 0?{}:b;b=c.threshold===void 0?0:c.threshold;c=c.wrap===void 0?!0:c.wrap;var d=INb(a);a=d.pDb;d=d.k9b;var e=d>=0&&d<a.length,f=e?a.slice(0,d+1):[];f=LNb(f,b);!f&&c&&(c=e?a.slice(d+1):a,f=LNb(c,b));return f},NNb=function(a){(0,_.un)(function(){throw a;},0)},ONb=function(a,b){var c;return(c=a.reverse().find(function(d){return d.Ua=== source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: a.Yf.Su("bs",r.body.length);e.push(r.body);break;case 4:t=document.createElement("script");_.Ok.vY(t,_.Cyb(r.body));x=document.createElement("div");x.appendChild(t);e.push(x.innerHTML);break;case 5:z=_.QDb(r.body,_.cHb,function(){return _.fd(Error("th`"+r.body.substr(0,100)),{Of:{l:""+r.body.length,t:a.Zz}})});f=_.mf(z,_.PDb,1,_.nf());g=_.Ch(z,_.Hyb,3)?_.u(z,_.Hyb,3):void 0;break;case 8:B=JSON.parse(r.body);h=Object.assign(h\|\|{},B);break;case 9:break;case 6:case 3:throw Error("uh");case 11:return V.Db(2); source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: var INb=function(a){if(!document.body.contains(a))throw Error("Yf");var b=Array.from(document.body.querySelectorAll("[tabindex], a, input, textarea, select, button"));a=_.$aa(b,a,_.zAa);if(a>=0)return{pDb:b,k9b:a-1,j9b:a+1};a=-a-1;return{pDb:b,k9b:a-1,j9b:a}},JNb=function(a,b){for(var c=0;c<a.length;c++){var d=a[c];if(_.XLb(d,b))return d}},KNb=function(a){var b={};var c=b.threshold===void 0?0:b.threshold;b=b.wrap===void 0?!0:b.wrap;var d=INb(a);a=d.pDb;d=d.j9b;var e=d>=0&&d<a.length,f=e?a.slice(d): source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: _.PDb=function(a){this.Da=_.n(a)};_.C(_.PDb,_.q);_.PDb.prototype.getId=function(){return _.E(this,1)};_.PDb.prototype.ka=function(){return _.E(this,2)}; source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: _.pHb(g,f.target.element)}).then(void 0,function(g){_.Qgc(f.target,"error");throw g;})},Rgc=function(a,b,c,d,e,f,g){return Pgc(a,b,c,d,e,g).fetch().then(function(h){f?f(b):b.log();return h})},Sgc=function(a,b){var c=new Map;b&&(c=zgc(b));c.set("google_abuse",a);return b=Object.fromEntries(c)},Tgc=function(a){_.fd(a,{Of:a.details})},Ugc=function(){_.loa("async",{u:function(a){a=a.qb.el();Ogc(a).then(void 0,Tgc)}});Ggc()},Vgc=_.Sb(_.Hyb),Wgc=_.Sb(_.PDb),Xgc=function(a,b){this.ka=b;this.cache=_.ke(_.ba.ka? source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: var sDb;sDb=function(a){_.rDb=_.td();_.Ne(document,_.pDb,a);return new _.xf(function(b){window.addEventListener("message",function e(d){d.data.type==="dosCookie"&&(window.removeEventListener("message",e),_.Ne(document,_.qDb),b(decodeURIComponent(d.data.exemptionCookie)))})})};_.rDb=null;_.tDb=sDb;_.uDb=!1; source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: _.Odb=function(a,b){return Ndb(a.QN,b).then(function(c){if(c.size()>0)return c.Yc(0);throw _.MKa(a,b);})};_.nr=function(a,b,c){b=_.qg(b);return new _.lg(_.rf(a.QN,b,c))};_.or=function(a,b,c){b=_.qg(b);b=_.nr(a,b,c);if(b.size()>=1)return b.Yc(0);throw _.MKa(a,c);};_.Pdb=function(a,b){return _.Rn(a,'[jsname="'+b+'"]')};_.Qdb=function(a){a.oa=null;if(a.oL){if(a.oa){var b=a.oa;b.Oc=a.oL;b.render()}else _.yc(a.oL,_.Nk);_.Wl.Rb(a.oL,!!a.oa)}};_.Rdb=function(a,b){a.fRa=b;a.AP&&_.Wl.Rb(a.AP,a.fRa)}; source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: bHb=function(a,b){$Gb(_.Cyb(aHb(a,null,"script")),b)};dHb=function(a,b){var c=_.QDb(a,_.cHb,function(){_.fd(Error("If`"+a.substring(0,100)),{Of:{l:a.length.toString(),t:b}})});_.ba.W_jd\|\|(_.ba.W_jd={});for(var d=_.Ra(_.mf(c,_.PDb,1,_.nf())),e=d.next();!e.done;e=d.next())e=e.value,_.ba.W_jd[e.getId()]=JSON.parse(e.ka());_.Ch(c,_.Hyb,3)&&_.Lyb(_.u(c,_.Hyb,3))}; source: chromecache_92.1.dr, chromecache_103.1.dr

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /vd4wjea7t HTTP/1.1Host: dobngcx.tytumfqzuutdedh.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC/d=1/ed=1/br=1/rs=ACT90oHkPw8R-kitftoAWPmZum6PgjGxiw/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=1/ed=1/dg=3/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72754793 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arc
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=1/ed=1/dg=3/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72754793 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fe
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.7LPvRDgzcqA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo9wdgl3D0Cd5pn6O1gZXHwWDc_oTg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en HTTP/1.1Host: ogs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=U-0EZ8exE8SA9u8PyJWdwQs.1728376149214&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow?cb=72754793 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ogs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow?cb=72754793 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.7LPvRDgzcqA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo9wdgl3D0Cd5pn6O1gZXHwWDc_oTg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=U-0EZ8exE8SA9u8PyJWdwQs.1728376149214&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/ck=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/ujg=1/rs=ACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA/m=sb_wiz,aa,abd,sysl,sysk,sysf,syfz,sysj,sys5,sy10k,syzs,sysa,syzr,syta,sysg,sysi,syse,sysy,sys2,sysz,syt0,sysr,sysv,sysb,sysp,syss,syst,syrv,sysn,sys6,sys7,sys0,syrj,syrh,syrg,sys9,syzq,syt9,syrt,syt8,async,syw6,ifl,pHXghd,sf,sytp,syts,sy49q,sonic,TxCJfd,sy49u,qzxzOb,IsdWVc,sy49w,sy1fb,sy1bo,sy1bk,syrf,syrd,syre,syrc,syrb,sy48d,sy48g,sy2ca,sy17i,sy12e,sy12f,syrp,syr7,syfd,sybx,syc0,sybv,sybz,syby,sycr,spch,syuo,syun,rtH1bd,sy1ct,sy18l,sy17a,sygb,sy1cs,sy12k,sy1cr,sy17b,sygd,sy1cu,SMquOb,sy8i,sygk,sygh,sygi,sygl,sygg,sygt,sygr,sygp,sygf,syco,sycj,sycm,syam,syae,syb8,syal,syak,syaj,sya7,syb3,syas,sy9u,sy9t,syck,syc2,syc3,syc9,syaq,sybb,syc8,syc1,sybu,sybt,syah,syao,syc4,sybp,sybm,sybl,sybn,syag,syb9,sybg,sybe,sybi,sybf,sybh,syab,syb6,syct,syd8,sycu,syd9,sya9,syb5,syac,syb7,sya8,syb4,syar,syad,sycs,sych,sycd,syce,sy9x,sya1,sy9y,sya2,sy9z,sy9r,sy9o,sy9q,sya6,syc5,syg5,syge,syga,syg8,sy81,sy7y,sy80,syg7,sygc,syg6,syg4,syg1,syg0,sy84,uxMpU,syfw,syd3,syd1,sycv,syda,sycx,sycw,sybj,sycz,sycq,sy90,sy8z,sy8y,Mlhmy,QGR0gd,aurFic,sy99,fKUV3e,OTA3Ae,sy8j,OmgaI,EEDORb,PoEs9b,Pjplud,sy8u,sy8n,A1yn5d,YIZmRd,uY49fb,sy7v,sy7t,sy7u,sy7s,sy7r,byfTOb,lsjVmc,LEikZe,kWgXee,Ug7Xab,U0aPgd,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy1cz,sy1cv,syut,sy1cy,syz6,d5EhJe,sy1df,fCxEDd,sywb,sy1de,sy1dd,sy1dc,sy1d8,sy1d3,sy1d5,sy1d4,sy1d7,sy1ai,sy1ab,sy17r,sywa,syyr,syyq,T1HOxc,sy1d6,sy1d2,zx30Y,sy1dg,sy1da,sy18y,Wo3n8,sys1,loL8vb,syt3,syt2,syt1,ms4mZb,syq7,B2qlPe,syvo,NzU6V,sy10w,syw5,zGLm3b,syxj,syxk,syxb,DhPYme,sy103,syzy,sy101,sy100,syy3,syy4,syzz,syzw,syy2,syzx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy8g,sy8f,q0xTif,y05UD,sy12x,sy1ca,sy1c4,syyp,sy1bw,sy14g,syyo,syyn,syym,syys,sy1c3,sy148,sy1bs,sy14d,sy1c2,sy12s,sy1bx,sy1bt,sy14e,sy14f,sy1c5,sy12h,sy1c1,sy1c0,sy1by,synn,sy1bz,sy1c7,sy1bm,sy1bu,sy1bl,sy1br,sy1bn,sy15c,sy1bv,sy1bh,sy14i,sy14j,syyu,syyv,epYOx?cb=72754793&xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data:
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1280&bih=907&ei=U-0EZ8exE8SA9u8PyJWdwQs&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/ck=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/ujg=1/rs=ACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA/m=sb_wiz,aa,abd,sysl,sysk,sysf,syfz,sysj,sys5,sy10k,syzs,sysa,syzr,syta,sysg,sysi,syse,sysy,sys2,sysz,syt0,sysr,sysv,sysb,sysp,syss,syst,syrv,sysn,sys6,sys7,sys0,syrj,syrh,syrg,sys9,syzq,syt9,syrt,syt8,async,syw6,ifl,pHXghd,sf,sytp,syts,sy49q,sonic,TxCJfd,sy49u,qzxzOb,IsdWVc,sy49w,sy1fb,sy1bo,sy1bk,syrf,syrd,syre,syrc,syrb,sy48d,sy48g,sy2ca,sy17i,sy12e,sy12f,syrp,syr7,syfd,sybx,syc0,sybv,sybz,syby,sycr,spch,syuo,syun,rtH1bd,sy1ct,sy18l,sy17a,sygb,sy1cs,sy12k,sy1cr,sy17b,sygd,sy1cu,SMquOb,sy8i,sygk,sygh,sygi,sygl,sygg,sygt,sygr,sygp,sygf,syco,sycj,sycm,syam,syae,syb8,syal,syak,syaj,sya7,syb3,syas,sy9u,sy9t,syck,syc2,syc3,syc9,syaq,sybb,syc8,syc1,sybu,sybt,syah,syao,syc4,sybp,sybm,sybl,sybn,syag,syb9,sybg,sybe,sybi,sybf,sybh,syab,syb6,syct,syd8,sycu,syd9,sya9,syb5,syac,syb7,sya8,syb4,syar,syad,sycs,sych,sycd,syce,sy9x,sya1,sy9y,sya2,sy9z,sy9r,sy9o,sy9q,sya6,syc5,syg5,syge,syga,syg8,sy81,sy7y,sy80,syg7,sygc,syg6,syg4,syg1,syg0,sy84,uxMpU,syfw,syd3,syd1,sycv,syda,sycx,sycw,sybj,sycz,sycq,sy90,sy8z,sy8y,Mlhmy,QGR0gd,aurFic,sy99,fKUV3e,OTA3Ae,sy8j,OmgaI,EEDORb,PoEs9b,Pjplud,sy8u,sy8n,A1yn5d,YIZmRd,uY49fb,sy7v,sy7t,sy7u,sy7s,sy7r,byfTOb,lsjVmc,LEikZe,kWgXee,Ug7Xab,U0aPgd,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy1cz,sy1cv,syut,sy1cy,syz6,d5EhJe,sy1df,fCxEDd,sywb,sy1de,sy1dd,sy1dc,sy1d8,sy1d3,sy1d5,sy1d4,sy1d7,sy1ai,sy1ab,sy17r,sywa,syyr,syyq,T1HOxc,sy1d6,sy1d2,zx30Y,sy1dg,sy1da,sy18y,Wo3n8,sys1,loL8vb,syt3,syt2,syt1,ms4mZb,syq7,B2qlPe,syvo,NzU6V,sy10w,syw5,zGLm3b,syxj,syxk,syxb,DhPYme,sy103,syzy,sy101,sy100,syy3,syy4,syzz,syzw,syy2,syzx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy8g,sy8f,q0xTif,y05UD,sy12x,sy1ca,sy1c4,syyp,sy1bw,sy14g,syyo,syyn,syym,syys,sy1c3,sy148,sy1bs,sy14d,sy1c2,sy12s,sy1bx,sy1bt,sy14e,sy14f,sy1c5,sy12h,sy1c1,sy1c0,sy1by,synn,sy1bz,sy1c7,sy1bm,sy1bu,sy1bl,sy1br,sy1bn,sy15c,sy1bv,sy1bh,sy14i,sy14j,syyu,syyv,epYOx?cb=72754793&xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69Sqsh
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC/d=0/br=1/rs=ACT90oHkPw8R-kitftoAWPmZum6PgjGxiw/m=syjy,syo2?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=t2P+rUhzA2Uy5O2&MD=gErbsfcd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwiHp7Lyrv6IAxVEgP0HHchKJ7gQj-0KCBU..i&ei=U-0EZ8exE8SA9u8PyJWdwQs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHbzI5ftmBat3lHQs4R6zSexhjAow%3Fcb%3D72754793,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC%2Fbr%3D1%2Frs%3DACT90oHkPw8R-kitftoAWPmZum6PgjGxiw,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fck%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA%3Fcb%3D72754793,_fmt:prog,_id:_U-0EZ8exE8SA9u8PyJWdwQs_8 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=sy1ei,P10Owf,sy1db,sy1d9,syqz,gSZvdb,sy10f,sy10e,WlNQGd,syr4,syr1,syr0,syqy,DPreE,sy10r,sy10p,nabPbb,sy109,sy107,syjy,syo2,CnSW2d,kQvlef,sy10q,fXO0xe?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC/d=0/br=1/rs=ACT90oHkPw8R-kitftoAWPmZum6PgjGxiw/m=syjy,syo2?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=aLUfP?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwiHp7Lyrv6IAxVEgP0HHchKJ7gQj-0KCBU..i&ei=U-0EZ8exE8SA9u8PyJWdwQs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHbzI5ftmBat3lHQs4R6zSexhjAow%3Fcb%3D72754793,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC%2Fbr%3D1%2Frs%3DACT90oHkPw8R-kitftoAWPmZum6PgjGxiw,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fck%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA%3Fcb%3D72754793,_fmt:prog,_id:_U-0EZ8exE8SA9u8PyJWdwQs_8 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=sy1ei,P10Owf,sy1db,sy1d9,syqz,gSZvdb,sy10f,sy10e,WlNQGd,syr4,syr1,syr0,syqy,DPreE,sy10r,sy10p,nabPbb,sy109,sy107,syjy,syo2,CnSW2d,kQvlef,sy10q,fXO0xe?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=lOO0Vd,sy8v,P6sQOc?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=aLUfP?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=U-0EZ8exE8SA9u8PyJWdwQs&zx=1728376154781&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=lOO0Vd,sy8v,P6sQOc?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=t2P+rUhzA2Uy5O2&MD=gErbsfcd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /vd4wjea7t HTTP/1.1Host: dobngcx.tytumfqzuutdedh.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com.bo
Source: global traffic	DNS traffic detected: DNS query: dobngcx.tytumfqzuutdedh.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /gen_204?s=webhp&t=cap&atyp=csi&ei=U-0EZ8exE8SA9u8PyJWdwQs&rt=wsrt.6069,cbt.91,hst.32&opi=89978449&dt=&ts=300 HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"Content-Type: text/plain;charset=UTF-8sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.google.comX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI

Source: chromecache_110.1.dr	String found in binary or memory: http://schema.org/WebPage
Source: chromecache_118.1.dr, chromecache_115.1.dr, chromecache_87.1.dr, chromecache_96.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_131.1.dr	String found in binary or memory: https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_si_001_p%26continue%3Dhttps%25
Source: chromecache_118.1.dr, chromecache_115.1.dr, chromecache_113.1.dr, chromecache_107.1.dr, chromecache_110.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_101.1.dr, chromecache_95.1.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://cda-push-dev.sandbox.googleapis.com/upload/
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_103.1.dr	String found in binary or memory: https://content-push.googleapis.com/upload/
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_87.1.dr, chromecache_113.1.dr, chromecache_107.1.dr, chromecache_96.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://embeddedassistant-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAssistant/A
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_87.1.dr, chromecache_96.1.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://lens.google.com/gen204
Source: chromecache_96.1.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/crupload
Source: chromecache_110.1.dr	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chromecache_131.1.dr	String found in binary or memory: https://ogs.google.com/
Source: chromecache_110.1.dr	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chromecache_131.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout
Source: chromecache_110.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chromecache_110.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout?prid=19037050
Source: chromecache_96.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_107.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://push.clients6.google.com/upload/
Source: chromecache_131.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: chromecache_111.1.dr, chromecache_133.1.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_black_16dp.png)
Source: chromecache_111.1.dr, chromecache_133.1.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_white_16dp.png)
Source: chromecache_111.1.dr, chromecache_133.1.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2-light.png)
Source: chromecache_111.1.dr, chromecache_133.1.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2.png)
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_87.1.dr, chromecache_96.1.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: chromecache_87.1.dr, chromecache_101.1.dr, chromecache_95.1.dr, chromecache_96.1.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_118.1.dr, chromecache_115.1.dr, chromecache_131.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_131.1.dr	String found in binary or memory: https://www.google.com"
Source: chromecache_110.1.dr	String found in binary or memory: https://www.google.com/_/og/promos/
Source: chromecache_131.1.dr	String found in binary or memory: https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png
Source: chromecache_110.1.dr	String found in binary or memory: https://www.google.com/intl/en/about/products
Source: chromecache_87.1.dr, chromecache_101.1.dr, chromecache_95.1.dr, chromecache_96.1.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_131.1.dr	String found in binary or memory: https://www.google.com/url?q
Source: chromecache_110.1.dr	String found in binary or memory: https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_s
Source: chromecache_107.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_107.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_131.1.dr	String found in binary or memory: https://www.gstatic.com
Source: chromecache_131.1.dr	String found in binary or memory: https://www.gstatic.com/_/boq-one-google/_/r/
Source: chromecache_131.1.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.yz8dGmsqVEg.
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_110.1.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eBPYdy5TlKU.2019.O/rt=j/m=qabr
Source: chromecache_110.1.dr	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.fSHv1dvvroY.L.W.O/m=qcwid
Source: chromecache_103.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49790 version: TLS 1.2

Source: classification engine

Classification label: sus20.phis.win@18/82@22/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1940,i,7030115413195500539,14222212199095660019,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com.bo/url?url=https://lquoytskrlgpgnui&xwi=kbuzszc&lvndxc=qgp&exsci=jlrwlq&cgr=rfzonuz&hkxqn=tjdkfz&nfxv=nflxzvbj&cqfuqhbsmm=dlqdymgwer&q=amp/dobngcx.ty%c2%adtu%c2%admfqzuu%c2%adtde%c2%add%c2%adh%c2%ad.com/vd4wjea7t&svtx=qlrshkg&ugahrok=gkmn&hrsst=xtcvsi&ozefmvx=wgg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1940,i,7030115413195500539,14222212199095660019,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: _.ndb=function(a,b,c,d){_.eoa()&&_.foa.get(a)&&(a=_.Te.get(a),!c&&b&&(c=_.Ue(b)),_.Je(b\|\|document.body,a,{element:b,dataset:c,event:d,jL:void 0,nxb:!0}))};_.odb=function(a,b,c){_.Xga(a,c);return _.tb(a,2,_.Wea(b),_.La())};_.pdb=function(a){return a.previousElementSibling!==void 0?a.previousElementSibling:_.wAa(a.previousSibling,!1)};qdb=function(a,b,c,d,e,f,g){_.cm.call(this,a);this.clientX=c;this.clientY=d;this.left=f!==void 0?f:b.deltaX;this.top=g!==void 0?g:b.deltaY;this.ka=b};_.hh(qdb,_.cm); source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: _.pDb=_.J("zbW2Cf");_.qDb=_.J("OZ3M7e"); source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: [];f=JNb(f,c);!f&&b&&(b=e?a.slice(0,d):a,f=JNb(b,c));return f},LNb=function(a,b){for(var c=a.length-1;c>=0;c--){var d=a[c];if(_.XLb(d,b))return d}},MNb=function(a,b){var c=b===void 0?{}:b;b=c.threshold===void 0?0:c.threshold;c=c.wrap===void 0?!0:c.wrap;var d=INb(a);a=d.pDb;d=d.k9b;var e=d>=0&&d<a.length,f=e?a.slice(0,d+1):[];f=LNb(f,b);!f&&c&&(c=e?a.slice(d+1):a,f=LNb(c,b));return f},NNb=function(a){(0,_.un)(function(){throw a;},0)},ONb=function(a,b){var c;return(c=a.reverse().find(function(d){return d.Ua=== source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: a.Yf.Su("bs",r.body.length);e.push(r.body);break;case 4:t=document.createElement("script");_.Ok.vY(t,_.Cyb(r.body));x=document.createElement("div");x.appendChild(t);e.push(x.innerHTML);break;case 5:z=_.QDb(r.body,_.cHb,function(){return _.fd(Error("th`"+r.body.substr(0,100)),{Of:{l:""+r.body.length,t:a.Zz}})});f=_.mf(z,_.PDb,1,_.nf());g=_.Ch(z,_.Hyb,3)?_.u(z,_.Hyb,3):void 0;break;case 8:B=JSON.parse(r.body);h=Object.assign(h\|\|{},B);break;case 9:break;case 6:case 3:throw Error("uh");case 11:return V.Db(2); source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: var INb=function(a){if(!document.body.contains(a))throw Error("Yf");var b=Array.from(document.body.querySelectorAll("[tabindex], a, input, textarea, select, button"));a=_.$aa(b,a,_.zAa);if(a>=0)return{pDb:b,k9b:a-1,j9b:a+1};a=-a-1;return{pDb:b,k9b:a-1,j9b:a}},JNb=function(a,b){for(var c=0;c<a.length;c++){var d=a[c];if(_.XLb(d,b))return d}},KNb=function(a){var b={};var c=b.threshold===void 0?0:b.threshold;b=b.wrap===void 0?!0:b.wrap;var d=INb(a);a=d.pDb;d=d.j9b;var e=d>=0&&d<a.length,f=e?a.slice(d): source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: _.PDb=function(a){this.Da=_.n(a)};_.C(_.PDb,_.q);_.PDb.prototype.getId=function(){return _.E(this,1)};_.PDb.prototype.ka=function(){return _.E(this,2)}; source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: _.pHb(g,f.target.element)}).then(void 0,function(g){_.Qgc(f.target,"error");throw g;})},Rgc=function(a,b,c,d,e,f,g){return Pgc(a,b,c,d,e,g).fetch().then(function(h){f?f(b):b.log();return h})},Sgc=function(a,b){var c=new Map;b&&(c=zgc(b));c.set("google_abuse",a);return b=Object.fromEntries(c)},Tgc=function(a){_.fd(a,{Of:a.details})},Ugc=function(){_.loa("async",{u:function(a){a=a.qb.el();Ogc(a).then(void 0,Tgc)}});Ggc()},Vgc=_.Sb(_.Hyb),Wgc=_.Sb(_.PDb),Xgc=function(a,b){this.ka=b;this.cache=_.ke(_.ba.ka? source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: var sDb;sDb=function(a){_.rDb=_.td();_.Ne(document,_.pDb,a);return new _.xf(function(b){window.addEventListener("message",function e(d){d.data.type==="dosCookie"&&(window.removeEventListener("message",e),_.Ne(document,_.qDb),b(decodeURIComponent(d.data.exemptionCookie)))})})};_.rDb=null;_.tDb=sDb;_.uDb=!1; source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: _.Odb=function(a,b){return Ndb(a.QN,b).then(function(c){if(c.size()>0)return c.Yc(0);throw _.MKa(a,b);})};_.nr=function(a,b,c){b=_.qg(b);return new _.lg(_.rf(a.QN,b,c))};_.or=function(a,b,c){b=_.qg(b);b=_.nr(a,b,c);if(b.size()>=1)return b.Yc(0);throw _.MKa(a,c);};_.Pdb=function(a,b){return _.Rn(a,'[jsname="'+b+'"]')};_.Qdb=function(a){a.oa=null;if(a.oL){if(a.oa){var b=a.oa;b.Oc=a.oL;b.render()}else _.yc(a.oL,_.Nk);_.Wl.Rb(a.oL,!!a.oa)}};_.Rdb=function(a,b){a.fRa=b;a.AP&&_.Wl.Rb(a.AP,a.fRa)}; source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: bHb=function(a,b){$Gb(_.Cyb(aHb(a,null,"script")),b)};dHb=function(a,b){var c=_.QDb(a,_.cHb,function(){_.fd(Error("If`"+a.substring(0,100)),{Of:{l:a.length.toString(),t:b}})});_.ba.W_jd\|\|(_.ba.W_jd={});for(var d=_.Ra(_.mf(c,_.PDb,1,_.nf())),e=d.next();!e.done;e=d.next())e=e.value,_.ba.W_jd[e.getId()]=JSON.parse(e.ka());_.Ch(c,_.Hyb,3)&&_.Lyb(_.u(c,_.Hyb,3))}; source: chromecache_92.1.dr, chromecache_103.1.dr

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.78	unknown	United States	15169	GOOGLEUS	false
216.58.206.78	www3.l.google.com	United States	15169	GOOGLEUS	false
216.58.212.174	unknown	United States	15169	GOOGLEUS	false
87.121.86.72	dobngcx.tytumfqzuutdedh.com	Bulgaria	34577	SKATTV-ASBG	false
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
172.217.18.4	unknown	United States	15169	GOOGLEUS	false
216.58.206.46	play.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	plus.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.13
192.168.2.14

Contacted Domains

Name	IP	Active
google.com	172.217.18.14	true
www3.l.google.com	216.58.206.78	true
plus.l.google.com	142.250.185.174	true
play.google.com	216.58.206.46	true
dobngcx.tytumfqzuutdedh.com	87.121.86.72	true
www.google.com	142.250.186.36	true
www.google.com.bo	142.250.181.227	true
ogs.google.com	unknown	unknown
apis.google.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/async/hpba?vet=10ahUKEwiHp7Lyrv6IAxVEgP0HHchKJ7gQj-0KCBU..i&ei=U-0EZ8exE8SA9u8PyJWdwQs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHbzI5ftmBat3lHQs4R6zSexhjAow%3Fcb%3D72754793,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC%2Fbr%3D1%2Frs%3DACT90oHkPw8R-kitftoAWPmZum6PgjGxiw,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fck%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA%3Fcb%3D72754793,_fmt:prog,_id:_U-0EZ8exE8SA9u8PyJWdwQs_8	false		unknown
https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=U-0EZ8exE8SA9u8PyJWdwQs.1728376149214&dpr=1&nolsbt=1	false		unknown
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png	false	0%, Virustotal, Browse	unknown
https://www.google.com/xjs/_/ss/k=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC/d=1/ed=1/br=1/rs=ACT90oHkPw8R-kitftoAWPmZum6PgjGxiw/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl	false		unknown
https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png	false	0%, Virustotal, Browse	unknown
https://dobngcx.tytumfqzuutdedh.com/vd4wjea7t	false		unknown
https://www.google.com/client_204?atyp=i&biw=1280&bih=907&ei=U-0EZ8exE8SA9u8PyJWdwQs&opi=89978449	false		unknown
https://www.google.com/xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=lOO0Vd,sy8v,P6sQOc?cb=72754793&xjs=s4	false		unknown
https://www.google.com/gen_204?atyp=i&ei=U-0EZ8exE8SA9u8PyJWdwQs&vet=10ahUKEwiHp7Lyrv6IAxVEgP0HHchKJ7gQuqMJCCQ..s&bl=LAkc&s=webhp&lpl=CAUYATACOANiCAgLEMDnjf8B&zx=1728376152319&opi=89978449	false		unknown
https://www.google.com/gen_204?atyp=csi&ei=U-0EZ8exE8SA9u8PyJWdwQs&s=promo&rt=hpbas.5440,hpbarr.1271&zx=1728376153563&opi=89978449	false		unknown
https://www.google.com/xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/ck=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/ujg=1/rs=ACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA/m=sb_wiz,aa,abd,sysl,sysk,sysf,syfz,sysj,sys5,sy10k,syzs,sysa,syzr,syta,sysg,sysi,syse,sysy,sys2,sysz,syt0,sysr,sysv,sysb,sysp,syss,syst,syrv,sysn,sys6,sys7,sys0,syrj,syrh,syrg,sys9,syzq,syt9,syrt,syt8,async,syw6,ifl,pHXghd,sf,sytp,syts,sy49q,sonic,TxCJfd,sy49u,qzxzOb,IsdWVc,sy49w,sy1fb,sy1bo,sy1bk,syrf,syrd,syre,syrc,syrb,sy48d,sy48g,sy2ca,sy17i,sy12e,sy12f,syrp,syr7,syfd,sybx,syc0,sybv,sybz,syby,sycr,spch,syuo,syun,rtH1bd,sy1ct,sy18l,sy17a,sygb,sy1cs,sy12k,sy1cr,sy17b,sygd,sy1cu,SMquOb,sy8i,sygk,sygh,sygi,sygl,sygg,sygt,sygr,sygp,sygf,syco,sycj,sycm,syam,syae,syb8,syal,syak,syaj,sya7,syb3,syas,sy9u,sy9t,syck,syc2,syc3,syc9,syaq,sybb,syc8,syc1,sybu,sybt,syah,syao,syc4,sybp,sybm,sybl,sybn,syag,syb9,sybg,sybe,sybi,sybf,sybh,syab,syb6,syct,syd8,sycu,syd9,sya9,syb5,syac,syb7,sya8,syb4,syar,syad,sycs,sych,sycd,syce,sy9x,sya1,sy9y,sya2,sy9z,sy9r,sy9o,sy9q,sya6,syc5,syg5,syge,syga,syg8,sy81,sy7y,sy80,syg7,sygc,syg6,syg4,syg1,syg0,sy84,uxMpU,syfw,syd3,syd1,sycv,syda,sycx,sycw,sybj,sycz,sycq,sy90,sy8z,sy8y,Mlhmy,QGR0gd,aurFic,sy99,fKUV3e,OTA3Ae,sy8j,OmgaI,EEDORb,PoEs9b,Pjplud,sy8u,sy8n,A1yn5d,YIZmRd,uY49fb,sy7v,sy7t,sy7u,sy7s,sy7r,byfTOb,lsjVmc,LEikZe,kWgXee,Ug7Xab,U0aPgd,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy1cz,sy1cv,syut,sy1cy,syz6,d5EhJe,sy1df,fCxEDd,sywb,sy1de,sy1dd,sy1dc,sy1d8,sy1d3,sy1d5,sy1d4,sy1d7,sy1ai,sy1ab,sy17r,sywa,syyr,syyq,T1HOxc,sy1d6,sy1d2,zx30Y,sy1dg,sy1da,sy18y,Wo3n8,sys1,loL8vb,syt3,syt2,syt1,ms4mZb,syq7,B2qlPe,syvo,NzU6V,sy10w,syw5,zGLm3b,syxj,syxk,syxb,DhPYme,sy103,syzy,sy101,sy100,syy3,syy4,syzz,syzw,syy2,syzx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy8g,sy8f,q0xTif,y05UD,sy12x,sy1ca,sy1c4,syyp,sy1bw,sy14g,syyo,syyn,syym,syys,sy1c3,sy148,sy1bs,sy14d,sy1c2,sy12s,sy1bx,sy1bt,sy14e,sy14f,sy1c5,sy12h,sy1c1,sy1c0,sy1by,synn,sy1bz,sy1c7,sy1bm,sy1bu,sy1bl,sy1br,sy1bn,sy15c,sy1bv,sy1bh,sy14i,sy14j,syyu,syyv,epYOx?cb=72754793&xjs=s3	false		unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.7LPvRDgzcqA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo9wdgl3D0Cd5pn6O1gZXHwWDc_oTg/cb=gapi.loaded_0	false	0%, Virustotal, Browse	unknown
https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en	false	URL Reputation: safe	unknown
https://www.google.com/gen_204?atyp=i&ei=U-0EZ8exE8SA9u8PyJWdwQs&dt19=2&prm23=0&zx=1728376152298&opi=89978449	false		unknown
https://www.google.com/xjs/_/js/md=2/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow?cb=72754793	false		unknown
http://dobngcx.tytumfqzuutdedh.com/vd4wjea7t	false		unknown
https://www.google.com/gen_204?atyp=csi&ei=U-0EZ8exE8SA9u8PyJWdwQs&s=webhp&t=all&imn=11&ima=1&imad=0&imac=1&wh=907&aftie=NF&aft=1&aftp=907&adh=&cls=0.000046949291965270124&ime=1&imeae=0&imeap=0&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=198069&ucb=198069&ts=198369&dt=&mem=ujhs.11,tjhs.14,jhsl.2173,dm.8&nv=ne.1,feid.21c31cc6-9125-4a60-954a-9f4c15a3761f&net=dl.1500,ect.3g,rtt.300&hp=&sys=hc.4&p=bs.true&rt=hst.32,cbt.91,prt.986,afti.1355,aft.1355,aftqf.1356,xjses.2295,xjsee.2338,xjs.2338,lcp.1372,fcp.978,wsrt.6069,cst.0,dnst.0,rqst.603,rspt.330,rqstt.5796,unt.5793,cstt.5793,dit.7072&zx=1728376149193&opi=89978449	false		unknown
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	0%, Virustotal, Browse	unknown
https://www.google.com/client_204?cs=1&opi=89978449	false	1%, Virustotal, Browse	unknown
https://www.google.com/xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=sy1ei,P10Owf,sy1db,sy1d9,syqz,gSZvdb,sy10f,sy10e,WlNQGd,syr4,syr1,syr0,syqy,DPreE,sy10r,sy10p,nabPbb,sy109,sy107,syjy,syo2,CnSW2d,kQvlef,sy10q,fXO0xe?cb=72754793&xjs=s4	false		unknown
https://www.google.com/favicon.ico	false	0%, Virustotal, Browse	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	0%, Virustotal, Browse	unknown
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=U-0EZ8exE8SA9u8PyJWdwQs&rt=wsrt.6069,cbt.91,hst.32&opi=89978449&dt=&ts=300	false		unknown
https://play.google.com/log?format=json&hasfast=true	false	0%, Virustotal, Browse	unknown
https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp	false	0%, Virustotal, Browse	unknown
https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=U-0EZ8exE8SA9u8PyJWdwQs&rt=wsrt.6069,aft.1355,afti.1355,cbt.91,hst.32,prt.986&imn=11&ima=1&imad=0&imac=1&wh=907&aftie=NF&aft=1&aftp=907&opi=89978449&dt=&ts=198369	false		unknown
https://www.google.com/gen_204?atyp=csi&ei=U-0EZ8exE8SA9u8PyJWdwQs&s=promo&rt=hpbas.5440&zx=1728376152292&opi=89978449	false		unknown
https://www.google.com/	true		unknown
https://www.google.com/gen_204?atyp=csi&ei=Wu0EZ6-PBN_87_UPooTDwA8&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.11,tjhs.14,jhsl.2173,dm.8&nv=ne.1,feid.21c31cc6-9125-4a60-954a-9f4c15a3761f&hp=&rt=ttfb.1265,st.1266,bs.27,aaft.1267,acrt.1269,art.1269&zx=1728376153562&opi=89978449	false		unknown
https://www.google.com/xjs/_/ss/k=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC/d=0/br=1/rs=ACT90oHkPw8R-kitftoAWPmZum6PgjGxiw/m=syjy,syo2?xjs=s4	false		unknown
https://www.google.com/xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=aLUfP?cb=72754793&xjs=s4	false		unknown
https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=U-0EZ8exE8SA9u8PyJWdwQs&zx=1728376154781&opi=89978449	false		unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 07:29:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	DDDC2BF3EDAEDB69EC505CF32E8FA2E7	33609E1C843DE183641B360F834C87713DD37B66	56B1B97024180AE3A2E13ED28532228FBC1FE6DB4C65FD2E257E5B6D9592D10C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 07:29:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	59C63BBD0D09F8BCF708F7E0DA652D80	5525706029350DCE4F622DEEA66C5C82686271C8	CE11918A6A471C0C17B358C3D6AEBDE0908A738C0E899C2DAC861BA747DBE84A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A48B015B5E34174FE9D92160A64D9024	DA6B16E3CD9EF873BF892273967DEBBFAB468D20	48F467DF4B4DC9584AFCC23D15573E394A16FBC9808CFC7F19DD388848F6205B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 07:29:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	897605D1EB07DD849ED1BD0C68D7D5EB	2B0A63B2DD9977E53BF4B248DC54ACA88DC8A36B	7CBCED118C408E7189FCA6649615B0976E8EA3E31E22FD178EA7068564599859
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 07:29:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F7E3F72DD5A64154D25526646C229E5D	7C0EAB5D72D2C1F6D9D5BDD6A46B4C60D38C27BE	02E57FDE74BF11E2CDDE4AC6F66F821643A60D2548597582E470EB2CADF58BA1
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 07:29:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	88C97299F4C1BDAC9CC69AE5CE5919DC	7808C7F121DF02006256F62628B557762D06D53C	80D9C1E4EA4B763851F90DAEA128E6BE126B59F24E5F620616A1163D84FF4224
Chrome Cache Entry: 100	ASCII text, with very long lines (550)	5F355BE3092158FD1A91157F20D67740	063E840E044A32069C38D781510F2317DC46EB07	9DD896A00434FBE6AF510E6CF5C93A75CEA9D22B16CBE7901B394AD965FE505D
Chrome Cache Entry: 101	ASCII text, with very long lines (1281)	BDE4FC303925E060FD29082EB088DF51	E97402C5D4F2D84968D937A3063427980D7C3FB9	52843D17ADB2908A15BB71D381C906448C6D34D8B6347E24BFB74C70071353DE
Chrome Cache Entry: 102	ASCII text, with very long lines (1521)	2784E3FE342F6A01979376EAA13FD4CA	FD60B9578A3251EEAB2859972F150F75FF4B30AA	8F620BF7E239D333F3EBC713E062E0B70A61D7C21479D01AEC1D715DE9E08D1B
Chrome Cache Entry: 103	ASCII text, with very long lines (7408)	35B32A9D4459F39E0B7E3D12F952A44D	3561751ED6CB484731C0B700ED20D3EA7E68030E	95C7243D4F2FE6A3A41E504CB2E02A8E100C156006C13F9C9A94DAC0123CE703
Chrome Cache Entry: 104	ASCII text, with very long lines (3521)	1FAA051F45EBC323389380E876975E60	15DB81883D13C1396158ED99D3C2F76795EC94EF	8D2D853939D542C316C9DA3724934DC909AB3CD79756706C30891A001FC39732
Chrome Cache Entry: 105	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0	F61F0D4D0F968D5BBA39A84C76277E1A	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
Chrome Cache Entry: 106	ASCII text, with very long lines (960)	16060E8008A28B0A2831B25C9B09A396	344E472074E4571E58DE1DC8E450CC30256510C0	4A25326230D584904DFF0100543C6CF79035EA42FB4B63B72742B3E9120B5090
Chrome Cache Entry: 107	ASCII text, with very long lines (1885)	C299A572DF117831926BC3A0A25BA255	673F2AC4C7A41AB95FB14E2687666E81BC731E95	F847294692483E4B7666C0F98CBE2BD03B86AE27B721CAE332FEB26223DDE9FC
Chrome Cache Entry: 108	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	6282A05D151E7D0446C655D1892475E2	B2B05F319DA0E73250200AE9BB518A318D6B4C5D	4CAB9CF78FD7C85AE2236CDD47B905FA4173F664946DFAB008591B3CFE4280B7
Chrome Cache Entry: 109	ASCII text, with very long lines (8128)	DE1DAEF6AB6B3F3F5D17F2F1EC2955E8	0D587E6E86D74239FEB2588D5E29F054E16E7AF0	A9C01D87030429420E63A5EEAC7B14182E6F8A10C0D1194FD2331930BAEFB85B
Chrome Cache Entry: 110	HTML document, ASCII text, with very long lines (13655)	1F19CB842B82BEE48B356270852E821F	930AF6C1FA4265FC1A57EDD4437ABD1B4F30A376	AFD006E577D9DE24BF45992989D34F408F28CA92A8D7E34E53A933988D1B34C1
Chrome Cache Entry: 111	ASCII text, with very long lines (1689), with no line terminators	45DD7BD58C9F085DA52FA16A2A150066	9B5CF4B288EDE14AE8834F3EF2A58145B8EC8CBC	0D5C53FCC37C7A2CE26367BBE6197FCD9272DD7EBC81823D088A4DFFF5AE599B
Chrome Cache Entry: 112	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	F3418A443E7D841097C714D69EC4BCB8	49263695F6B0CDD72F45CF1B775E660FDC36C606	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
Chrome Cache Entry: 113	ASCII text, with very long lines (1885)	C299A572DF117831926BC3A0A25BA255	673F2AC4C7A41AB95FB14E2687666E81BC731E95	F847294692483E4B7666C0F98CBE2BD03B86AE27B721CAE332FEB26223DDE9FC
Chrome Cache Entry: 114	ASCII text, with very long lines (4232), with no line terminators	DA43A25BD1F9DD99ABEEE97AE6E6BCA6	FAF739B5A3ACE85BABEF8AF8C123C7B140D5222A	FC42CAFE3E110C38CB62AB04E51E2F806F308D3ED3F95C9E3AB5D0B7B3C9978A
Chrome Cache Entry: 115	ASCII text, with very long lines (2287)	CA99755538A8D8B1866C97729137BFEE	0949EAA1931E46A95BF1B0674F43D92885B3BEC7	088314A76E272A02EA40D754DDBA1E839D2C2817C5385CE332A03664C0B45B36
Chrome Cache Entry: 116	ASCII text, with very long lines (550)	5F355BE3092158FD1A91157F20D67740	063E840E044A32069C38D781510F2317DC46EB07	9DD896A00434FBE6AF510E6CF5C93A75CEA9D22B16CBE7901B394AD965FE505D
Chrome Cache Entry: 117	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	6282A05D151E7D0446C655D1892475E2	B2B05F319DA0E73250200AE9BB518A318D6B4C5D	4CAB9CF78FD7C85AE2236CDD47B905FA4173F664946DFAB008591B3CFE4280B7
Chrome Cache Entry: 118	ASCII text, with very long lines (2287)	CA99755538A8D8B1866C97729137BFEE	0949EAA1931E46A95BF1B0674F43D92885B3BEC7	088314A76E272A02EA40D754DDBA1E839D2C2817C5385CE332A03664C0B45B36
Chrome Cache Entry: 119	PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced	8F9327DB2597FA57D2F42B4A6C5A9855	1737D3DFB411C07B86ED8BD30F5987A4DC397CC1	5776CD87617EACEC3BC00EBCF530D1924026033EDA852F706C1A675A98915826
Chrome Cache Entry: 120	ASCII text, with very long lines (766)	3341AE719CA57EE85D8715A82AB61A1D	037EB9FB78E71BCD620A5DC0DA1A710ABB598881	FEEF50BC9562E23158661058EC1CC872C32E3689EBD9C950F08C8846A737525E
Chrome Cache Entry: 121	ASCII text, with no line terminators	BEEDCB4EB0A559E6CE2D1E20D38CB330	A04EE9801770C0E81B170D7992EC3735E878AA58	6E9D99B87595B07B10676B68EBE9AA8B63DF7D9A74F59CC91EED60EA1FBDC6EF
Chrome Cache Entry: 122	ASCII text, with very long lines (766)	3341AE719CA57EE85D8715A82AB61A1D	037EB9FB78E71BCD620A5DC0DA1A710ABB598881	FEEF50BC9562E23158661058EC1CC872C32E3689EBD9C950F08C8846A737525E
Chrome Cache Entry: 123	RIFF (little-endian) data, Web/P image	C3DFF0D9F30EC0BCF4DEC9524505916B	4B378403ACBEBC3747E08C69B5FD7770A850C9EB	73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3
Chrome Cache Entry: 124	HTML document, Unicode text, UTF-8 text, with very long lines (1136)	FBE36EB2EECF1B90451A3A72701E49D2	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
Chrome Cache Entry: 125	ASCII text, with very long lines (593)	113CC24BFAB7880FF9283B165661C5E5	963A66CDCA205F46F3F40D7FC5FD1BD6D051F96F	86783AEFA506F5EB04CF32C687B45E18F4FD7657409C04FD913B1DED9B4074D7
Chrome Cache Entry: 126	ASCII text, with very long lines (524)	5F754170F4DEE8512EC4EB82C4BB761A	1751C758E0909ECAACF70B0326DA4B573D2C54D8	D99F4A6CF0E7A1068FA7E03DB634E1476DFB8E0A7A9FBD2E61AE445992E938E1
Chrome Cache Entry: 127	RIFF (little-endian) data, Web/P image	C3DFF0D9F30EC0BCF4DEC9524505916B	4B378403ACBEBC3747E08C69B5FD7770A850C9EB	73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3
Chrome Cache Entry: 128	ASCII text, with very long lines (524)	5F754170F4DEE8512EC4EB82C4BB761A	1751C758E0909ECAACF70B0326DA4B573D2C54D8	D99F4A6CF0E7A1068FA7E03DB634E1476DFB8E0A7A9FBD2E61AE445992E938E1
Chrome Cache Entry: 129	HTML document, Unicode text, UTF-8 text, with very long lines (1136)	FBE36EB2EECF1B90451A3A72701E49D2	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
Chrome Cache Entry: 130	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
Chrome Cache Entry: 131	HTML document, ASCII text, with very long lines (32554)	509B0BF173BF345ECB6B115A480992C9	6CC37D3921E12856BC8717D8B48CA8A244C8DCCE	0BC306B6561DE1322B00883A4E1AF647D08800C7486F1B9D22711E72B8F45ACD
Chrome Cache Entry: 132	ASCII text, with very long lines (593)	113CC24BFAB7880FF9283B165661C5E5	963A66CDCA205F46F3F40D7FC5FD1BD6D051F96F	86783AEFA506F5EB04CF32C687B45E18F4FD7657409C04FD913B1DED9B4074D7
Chrome Cache Entry: 133	ASCII text, with very long lines (1689), with no line terminators	45DD7BD58C9F085DA52FA16A2A150066	9B5CF4B288EDE14AE8834F3EF2A58145B8EC8CBC	0D5C53FCC37C7A2CE26367BBE6197FCD9272DD7EBC81823D088A4DFFF5AE599B
Chrome Cache Entry: 134	JSON data	0C4F0591978AF5D3AAC22708BACA88C9	84BB13ABC1EB195E14E71ECBF46C6350846B854C	F267CBCED93B946B918FAAAEBB7126A1817CA2725F0B94DC4ABEAA4FFE07B3D6
Chrome Cache Entry: 135	JSON data	0C4F0591978AF5D3AAC22708BACA88C9	84BB13ABC1EB195E14E71ECBF46C6350846B854C	F267CBCED93B946B918FAAAEBB7126A1817CA2725F0B94DC4ABEAA4FFE07B3D6
Chrome Cache Entry: 87	ASCII text, with very long lines (621)	258996E197C4A7A1AAE1A4AB6B6BACA9	260AF51F8325424B5ABA04661E8E2CC5FC7204D2	6FE6F6462AC4A06FB2C540FCB16B39ABABE674D7B78032C4147D2785DDA890EA
Chrome Cache Entry: 88	ASCII text	C13E0D82B49363F775A831DE276428BA	EDE6F89BDB477501162EDBB668E6FA21980F36E3	E3644E1D0B7FB19B915320F6057631B66376F0F98EA327B078CD2AECB6C84305
Chrome Cache Entry: 89	ASCII text, with very long lines (3521)	1FAA051F45EBC323389380E876975E60	15DB81883D13C1396158ED99D3C2F76795EC94EF	8D2D853939D542C316C9DA3724934DC909AB3CD79756706C30891A001FC39732
Chrome Cache Entry: 90	ASCII text, with very long lines (10093), with no line terminators	D65E709854C32D756DA316B7FC68A1E0	587C7A88CBC46322868C4BC8F37DDFB0AB2369EE	FAD93AA382237DA388873AA1288FE98D5BC7774C753ADB9D8A685BB91EED4670
Chrome Cache Entry: 91	ASCII text, with very long lines (8128)	DE1DAEF6AB6B3F3F5D17F2F1EC2955E8	0D587E6E86D74239FEB2588D5E29F054E16E7AF0	A9C01D87030429420E63A5EEAC7B14182E6F8A10C0D1194FD2331930BAEFB85B
Chrome Cache Entry: 92	ASCII text, with very long lines (7408)	35B32A9D4459F39E0B7E3D12F952A44D	3561751ED6CB484731C0B700ED20D3EA7E68030E	95C7243D4F2FE6A3A41E504CB2E02A8E100C156006C13F9C9A94DAC0123CE703
Chrome Cache Entry: 93	ASCII text	35BE9D35AE5F368A0B4979479DFC2FA9	4AE93D89B68315847A1C9302EE51D1637019159F	0290D5CEE5EB7003C5E6382932F5550FCFB819F54AE4A47E9B77C5AF852A5F18
Chrome Cache Entry: 94	ASCII text, with very long lines (960)	16060E8008A28B0A2831B25C9B09A396	344E472074E4571E58DE1DC8E450CC30256510C0	4A25326230D584904DFF0100543C6CF79035EA42FB4B63B72742B3E9120B5090
Chrome Cache Entry: 95	ASCII text, with very long lines (1281)	BDE4FC303925E060FD29082EB088DF51	E97402C5D4F2D84968D937A3063427980D7C3FB9	52843D17ADB2908A15BB71D381C906448C6D34D8B6347E24BFB74C70071353DE
Chrome Cache Entry: 96	ASCII text, with very long lines (621)	258996E197C4A7A1AAE1A4AB6B6BACA9	260AF51F8325424B5ABA04661E8E2CC5FC7204D2	6FE6F6462AC4A06FB2C540FCB16B39ABABE674D7B78032C4147D2785DDA890EA
Chrome Cache Entry: 97	PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced	8F9327DB2597FA57D2F42B4A6C5A9855	1737D3DFB411C07B86ED8BD30F5987A4DC397CC1	5776CD87617EACEC3BC00EBCF530D1924026033EDA852F706C1A675A98915826
Chrome Cache Entry: 98	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	F3418A443E7D841097C714D69EC4BCB8	49263695F6B0CDD72F45CF1B775E660FDC36C606	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
Chrome Cache Entry: 99	ASCII text, with very long lines (1521)	2784E3FE342F6A01979376EAA13FD4CA	FD60B9578A3251EEAB2859972F150F75FF4B30AA	8F620BF7E239D333F3EBC713E062E0B70A61D7C21479D01AEC1D715DE9E08D1B

Phishing

HTML page contains obfuscated javascript

Source: https://www.google.com/

HTTP Parser: (function()

Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49790 version: TLS 1.2

Source:	Binary string: _.ndb=function(a,b,c,d){_.eoa()&&_.foa.get(a)&&(a=_.Te.get(a),!c&&b&&(c=_.Ue(b)),_.Je(b\|\|document.body,a,{element:b,dataset:c,event:d,jL:void 0,nxb:!0}))};_.odb=function(a,b,c){_.Xga(a,c);return _.tb(a,2,_.Wea(b),_.La())};_.pdb=function(a){return a.previousElementSibling!==void 0?a.previousElementSibling:_.wAa(a.previousSibling,!1)};qdb=function(a,b,c,d,e,f,g){_.cm.call(this,a);this.clientX=c;this.clientY=d;this.left=f!==void 0?f:b.deltaX;this.top=g!==void 0?g:b.deltaY;this.ka=b};_.hh(qdb,_.cm); source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: _.pDb=_.J("zbW2Cf");_.qDb=_.J("OZ3M7e"); source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: [];f=JNb(f,c);!f&&b&&(b=e?a.slice(0,d):a,f=JNb(b,c));return f},LNb=function(a,b){for(var c=a.length-1;c>=0;c--){var d=a[c];if(_.XLb(d,b))return d}},MNb=function(a,b){var c=b===void 0?{}:b;b=c.threshold===void 0?0:c.threshold;c=c.wrap===void 0?!0:c.wrap;var d=INb(a);a=d.pDb;d=d.k9b;var e=d>=0&&d<a.length,f=e?a.slice(0,d+1):[];f=LNb(f,b);!f&&c&&(c=e?a.slice(d+1):a,f=LNb(c,b));return f},NNb=function(a){(0,_.un)(function(){throw a;},0)},ONb=function(a,b){var c;return(c=a.reverse().find(function(d){return d.Ua=== source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: a.Yf.Su("bs",r.body.length);e.push(r.body);break;case 4:t=document.createElement("script");_.Ok.vY(t,_.Cyb(r.body));x=document.createElement("div");x.appendChild(t);e.push(x.innerHTML);break;case 5:z=_.QDb(r.body,_.cHb,function(){return _.fd(Error("th`"+r.body.substr(0,100)),{Of:{l:""+r.body.length,t:a.Zz}})});f=_.mf(z,_.PDb,1,_.nf());g=_.Ch(z,_.Hyb,3)?_.u(z,_.Hyb,3):void 0;break;case 8:B=JSON.parse(r.body);h=Object.assign(h\|\|{},B);break;case 9:break;case 6:case 3:throw Error("uh");case 11:return V.Db(2); source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: var INb=function(a){if(!document.body.contains(a))throw Error("Yf");var b=Array.from(document.body.querySelectorAll("[tabindex], a, input, textarea, select, button"));a=_.$aa(b,a,_.zAa);if(a>=0)return{pDb:b,k9b:a-1,j9b:a+1};a=-a-1;return{pDb:b,k9b:a-1,j9b:a}},JNb=function(a,b){for(var c=0;c<a.length;c++){var d=a[c];if(_.XLb(d,b))return d}},KNb=function(a){var b={};var c=b.threshold===void 0?0:b.threshold;b=b.wrap===void 0?!0:b.wrap;var d=INb(a);a=d.pDb;d=d.j9b;var e=d>=0&&d<a.length,f=e?a.slice(d): source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: _.PDb=function(a){this.Da=_.n(a)};_.C(_.PDb,_.q);_.PDb.prototype.getId=function(){return _.E(this,1)};_.PDb.prototype.ka=function(){return _.E(this,2)}; source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: _.pHb(g,f.target.element)}).then(void 0,function(g){_.Qgc(f.target,"error");throw g;})},Rgc=function(a,b,c,d,e,f,g){return Pgc(a,b,c,d,e,g).fetch().then(function(h){f?f(b):b.log();return h})},Sgc=function(a,b){var c=new Map;b&&(c=zgc(b));c.set("google_abuse",a);return b=Object.fromEntries(c)},Tgc=function(a){_.fd(a,{Of:a.details})},Ugc=function(){_.loa("async",{u:function(a){a=a.qb.el();Ogc(a).then(void 0,Tgc)}});Ggc()},Vgc=_.Sb(_.Hyb),Wgc=_.Sb(_.PDb),Xgc=function(a,b){this.ka=b;this.cache=_.ke(_.ba.ka? source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: var sDb;sDb=function(a){_.rDb=_.td();_.Ne(document,_.pDb,a);return new _.xf(function(b){window.addEventListener("message",function e(d){d.data.type==="dosCookie"&&(window.removeEventListener("message",e),_.Ne(document,_.qDb),b(decodeURIComponent(d.data.exemptionCookie)))})})};_.rDb=null;_.tDb=sDb;_.uDb=!1; source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: _.Odb=function(a,b){return Ndb(a.QN,b).then(function(c){if(c.size()>0)return c.Yc(0);throw _.MKa(a,b);})};_.nr=function(a,b,c){b=_.qg(b);return new _.lg(_.rf(a.QN,b,c))};_.or=function(a,b,c){b=_.qg(b);b=_.nr(a,b,c);if(b.size()>=1)return b.Yc(0);throw _.MKa(a,c);};_.Pdb=function(a,b){return _.Rn(a,'[jsname="'+b+'"]')};_.Qdb=function(a){a.oa=null;if(a.oL){if(a.oa){var b=a.oa;b.Oc=a.oL;b.render()}else _.yc(a.oL,_.Nk);_.Wl.Rb(a.oL,!!a.oa)}};_.Rdb=function(a,b){a.fRa=b;a.AP&&_.Wl.Rb(a.AP,a.fRa)}; source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: bHb=function(a,b){$Gb(_.Cyb(aHb(a,null,"script")),b)};dHb=function(a,b){var c=_.QDb(a,_.cHb,function(){_.fd(Error("If`"+a.substring(0,100)),{Of:{l:a.length.toString(),t:b}})});_.ba.W_jd\|\|(_.ba.W_jd={});for(var d=_.Ra(_.mf(c,_.PDb,1,_.nf())),e=d.next();!e.done;e=d.next())e=e.value,_.ba.W_jd[e.getId()]=JSON.parse(e.ka());_.Ch(c,_.Hyb,3)&&_.Lyb(_.u(c,_.Hyb,3))}; source: chromecache_92.1.dr, chromecache_103.1.dr

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /vd4wjea7t HTTP/1.1Host: dobngcx.tytumfqzuutdedh.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC/d=1/ed=1/br=1/rs=ACT90oHkPw8R-kitftoAWPmZum6PgjGxiw/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=1/ed=1/dg=3/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72754793 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arc
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=1/ed=1/dg=3/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72754793 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fe
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.7LPvRDgzcqA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo9wdgl3D0Cd5pn6O1gZXHwWDc_oTg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en HTTP/1.1Host: ogs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=U-0EZ8exE8SA9u8PyJWdwQs.1728376149214&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow?cb=72754793 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ogs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow?cb=72754793 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.7LPvRDgzcqA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo9wdgl3D0Cd5pn6O1gZXHwWDc_oTg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=U-0EZ8exE8SA9u8PyJWdwQs.1728376149214&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/ck=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/ujg=1/rs=ACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA/m=sb_wiz,aa,abd,sysl,sysk,sysf,syfz,sysj,sys5,sy10k,syzs,sysa,syzr,syta,sysg,sysi,syse,sysy,sys2,sysz,syt0,sysr,sysv,sysb,sysp,syss,syst,syrv,sysn,sys6,sys7,sys0,syrj,syrh,syrg,sys9,syzq,syt9,syrt,syt8,async,syw6,ifl,pHXghd,sf,sytp,syts,sy49q,sonic,TxCJfd,sy49u,qzxzOb,IsdWVc,sy49w,sy1fb,sy1bo,sy1bk,syrf,syrd,syre,syrc,syrb,sy48d,sy48g,sy2ca,sy17i,sy12e,sy12f,syrp,syr7,syfd,sybx,syc0,sybv,sybz,syby,sycr,spch,syuo,syun,rtH1bd,sy1ct,sy18l,sy17a,sygb,sy1cs,sy12k,sy1cr,sy17b,sygd,sy1cu,SMquOb,sy8i,sygk,sygh,sygi,sygl,sygg,sygt,sygr,sygp,sygf,syco,sycj,sycm,syam,syae,syb8,syal,syak,syaj,sya7,syb3,syas,sy9u,sy9t,syck,syc2,syc3,syc9,syaq,sybb,syc8,syc1,sybu,sybt,syah,syao,syc4,sybp,sybm,sybl,sybn,syag,syb9,sybg,sybe,sybi,sybf,sybh,syab,syb6,syct,syd8,sycu,syd9,sya9,syb5,syac,syb7,sya8,syb4,syar,syad,sycs,sych,sycd,syce,sy9x,sya1,sy9y,sya2,sy9z,sy9r,sy9o,sy9q,sya6,syc5,syg5,syge,syga,syg8,sy81,sy7y,sy80,syg7,sygc,syg6,syg4,syg1,syg0,sy84,uxMpU,syfw,syd3,syd1,sycv,syda,sycx,sycw,sybj,sycz,sycq,sy90,sy8z,sy8y,Mlhmy,QGR0gd,aurFic,sy99,fKUV3e,OTA3Ae,sy8j,OmgaI,EEDORb,PoEs9b,Pjplud,sy8u,sy8n,A1yn5d,YIZmRd,uY49fb,sy7v,sy7t,sy7u,sy7s,sy7r,byfTOb,lsjVmc,LEikZe,kWgXee,Ug7Xab,U0aPgd,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy1cz,sy1cv,syut,sy1cy,syz6,d5EhJe,sy1df,fCxEDd,sywb,sy1de,sy1dd,sy1dc,sy1d8,sy1d3,sy1d5,sy1d4,sy1d7,sy1ai,sy1ab,sy17r,sywa,syyr,syyq,T1HOxc,sy1d6,sy1d2,zx30Y,sy1dg,sy1da,sy18y,Wo3n8,sys1,loL8vb,syt3,syt2,syt1,ms4mZb,syq7,B2qlPe,syvo,NzU6V,sy10w,syw5,zGLm3b,syxj,syxk,syxb,DhPYme,sy103,syzy,sy101,sy100,syy3,syy4,syzz,syzw,syy2,syzx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy8g,sy8f,q0xTif,y05UD,sy12x,sy1ca,sy1c4,syyp,sy1bw,sy14g,syyo,syyn,syym,syys,sy1c3,sy148,sy1bs,sy14d,sy1c2,sy12s,sy1bx,sy1bt,sy14e,sy14f,sy1c5,sy12h,sy1c1,sy1c0,sy1by,synn,sy1bz,sy1c7,sy1bm,sy1bu,sy1bl,sy1br,sy1bn,sy15c,sy1bv,sy1bh,sy14i,sy14j,syyu,syyv,epYOx?cb=72754793&xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data:
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1280&bih=907&ei=U-0EZ8exE8SA9u8PyJWdwQs&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; NID=518=b-AYCdLpz8Wv4tlvwmQPHeVnsJVINX-yZNibAPN2i_y217jU-_cL7tRMHv32B3p19XkTK1diKPCjEPL3JLL3_DtFaCYKX26KI3JqPDzVJXSMt-ISSuKpHCn9Q7bc_hv5YdR9C9Ss1sNIJrpn1B3ZDUa0L_xLoA0Rrici16S-VAixUYTkk3AG-E06LOxTc_SV0uI; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/ck=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/ujg=1/rs=ACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA/m=sb_wiz,aa,abd,sysl,sysk,sysf,syfz,sysj,sys5,sy10k,syzs,sysa,syzr,syta,sysg,sysi,syse,sysy,sys2,sysz,syt0,sysr,sysv,sysb,sysp,syss,syst,syrv,sysn,sys6,sys7,sys0,syrj,syrh,syrg,sys9,syzq,syt9,syrt,syt8,async,syw6,ifl,pHXghd,sf,sytp,syts,sy49q,sonic,TxCJfd,sy49u,qzxzOb,IsdWVc,sy49w,sy1fb,sy1bo,sy1bk,syrf,syrd,syre,syrc,syrb,sy48d,sy48g,sy2ca,sy17i,sy12e,sy12f,syrp,syr7,syfd,sybx,syc0,sybv,sybz,syby,sycr,spch,syuo,syun,rtH1bd,sy1ct,sy18l,sy17a,sygb,sy1cs,sy12k,sy1cr,sy17b,sygd,sy1cu,SMquOb,sy8i,sygk,sygh,sygi,sygl,sygg,sygt,sygr,sygp,sygf,syco,sycj,sycm,syam,syae,syb8,syal,syak,syaj,sya7,syb3,syas,sy9u,sy9t,syck,syc2,syc3,syc9,syaq,sybb,syc8,syc1,sybu,sybt,syah,syao,syc4,sybp,sybm,sybl,sybn,syag,syb9,sybg,sybe,sybi,sybf,sybh,syab,syb6,syct,syd8,sycu,syd9,sya9,syb5,syac,syb7,sya8,syb4,syar,syad,sycs,sych,sycd,syce,sy9x,sya1,sy9y,sya2,sy9z,sy9r,sy9o,sy9q,sya6,syc5,syg5,syge,syga,syg8,sy81,sy7y,sy80,syg7,sygc,syg6,syg4,syg1,syg0,sy84,uxMpU,syfw,syd3,syd1,sycv,syda,sycx,sycw,sybj,sycz,sycq,sy90,sy8z,sy8y,Mlhmy,QGR0gd,aurFic,sy99,fKUV3e,OTA3Ae,sy8j,OmgaI,EEDORb,PoEs9b,Pjplud,sy8u,sy8n,A1yn5d,YIZmRd,uY49fb,sy7v,sy7t,sy7u,sy7s,sy7r,byfTOb,lsjVmc,LEikZe,kWgXee,Ug7Xab,U0aPgd,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy1cz,sy1cv,syut,sy1cy,syz6,d5EhJe,sy1df,fCxEDd,sywb,sy1de,sy1dd,sy1dc,sy1d8,sy1d3,sy1d5,sy1d4,sy1d7,sy1ai,sy1ab,sy17r,sywa,syyr,syyq,T1HOxc,sy1d6,sy1d2,zx30Y,sy1dg,sy1da,sy18y,Wo3n8,sys1,loL8vb,syt3,syt2,syt1,ms4mZb,syq7,B2qlPe,syvo,NzU6V,sy10w,syw5,zGLm3b,syxj,syxk,syxb,DhPYme,sy103,syzy,sy101,sy100,syy3,syy4,syzz,syzw,syy2,syzx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy8g,sy8f,q0xTif,y05UD,sy12x,sy1ca,sy1c4,syyp,sy1bw,sy14g,syyo,syyn,syym,syys,sy1c3,sy148,sy1bs,sy14d,sy1c2,sy12s,sy1bx,sy1bt,sy14e,sy14f,sy1c5,sy12h,sy1c1,sy1c0,sy1by,synn,sy1bz,sy1c7,sy1bm,sy1bu,sy1bl,sy1br,sy1bn,sy15c,sy1bv,sy1bh,sy14i,sy14j,syyu,syyv,epYOx?cb=72754793&xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69Sqsh
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC/d=0/br=1/rs=ACT90oHkPw8R-kitftoAWPmZum6PgjGxiw/m=syjy,syo2?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=t2P+rUhzA2Uy5O2&MD=gErbsfcd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwiHp7Lyrv6IAxVEgP0HHchKJ7gQj-0KCBU..i&ei=U-0EZ8exE8SA9u8PyJWdwQs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHbzI5ftmBat3lHQs4R6zSexhjAow%3Fcb%3D72754793,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC%2Fbr%3D1%2Frs%3DACT90oHkPw8R-kitftoAWPmZum6PgjGxiw,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fck%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA%3Fcb%3D72754793,_fmt:prog,_id:_U-0EZ8exE8SA9u8PyJWdwQs_8 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=sy1ei,P10Owf,sy1db,sy1d9,syqz,gSZvdb,sy10f,sy10e,WlNQGd,syr4,syr1,syr0,syqy,DPreE,sy10r,sy10p,nabPbb,sy109,sy107,syjy,syo2,CnSW2d,kQvlef,sy10q,fXO0xe?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC/d=0/br=1/rs=ACT90oHkPw8R-kitftoAWPmZum6PgjGxiw/m=syjy,syo2?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=J5pwumnqt0KcU_lNcKY8s4yn4qMUji-Gbct77ZKJEnl4NemLXYBCY4_x4zXeFneb-o0RdQuwKdoci8kk0lnDQYWQvaiX1ZJ5GaBZ-oSsg__JvsL0iI0usGQpWr7VaLmRGdFBcH1-P3o69SqshfbVYZx2dZfsZhzbasYY4-ukpnMnE47SWAtEJ5PJTiKA6TaSpw0HLThi-FY
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=aLUfP?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwiHp7Lyrv6IAxVEgP0HHchKJ7gQj-0KCBU..i&ei=U-0EZ8exE8SA9u8PyJWdwQs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHbzI5ftmBat3lHQs4R6zSexhjAow%3Fcb%3D72754793,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAICAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACKAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC%2Fbr%3D1%2Frs%3DACT90oHkPw8R-kitftoAWPmZum6PgjGxiw,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.dzJS-idA-mU.es5.O%2Fck%3Dxjs.hd.Yezew14qcA8.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQgG6kwAAAKMAgA0ACAAAAAAAAQDAAIAAQQAAIgEAAAIEACsAAAQCAKAAABFBAICgCcCjTICAECBMAAEUQAhQgAQEiiAehQgAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAgACKAQQIANAjEAAGgJwAAAiBHgACAAAAQABAASAAQWYCMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHghTe1J6TBy3FU_lTGRrcp9k8wzA%3Fcb%3D72754793,_fmt:prog,_id:_U-0EZ8exE8SA9u8PyJWdwQs_8 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=sy1ei,P10Owf,sy1db,sy1d9,syqz,gSZvdb,sy10f,sy10e,WlNQGd,syr4,syr1,syr0,syqy,DPreE,sy10r,sy10p,nabPbb,sy109,sy107,syjy,syo2,CnSW2d,kQvlef,sy10q,fXO0xe?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=lOO0Vd,sy8v,P6sQOc?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=aLUfP?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=U-0EZ8exE8SA9u8PyJWdwQs&zx=1728376154781&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.dzJS-idA-mU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAgEKAAAAAKAAAAAAAAAAAAAAAAAAAIAAQQAAIgEAAAIAAAsAAAQCACAAAAEBAIAACcCjTAAAEABMAAAAAAAQAAAEigAAAAgAAMAAAAAgAAAAAABAAQAAAAAAAAAAAAAAAAAAgAACAQAAAAAAAAAAAAgAAACAHgAAAAAAAABAAAAAQQAAMEAGIAAAAAAAAKAPAIIHwJDCAgAAAAAAAAAAAAAABCBBMBcSUBCAAAAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oHbzI5ftmBat3lHQs4R6zSexhjAow/m=lOO0Vd,sy8v,P6sQOc?cb=72754793&xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7coUHTq0gLZgtsc8hTljHzbfiawAlK6iuSbL4xQyyGg3SEh0zJMftJU; OGPC=19037049-1:; NID=518=K5T0WydhgGVwKt1irY7ahFRHEt68rGBx6pfKxAPYzecJRXeO4_HZGz8qcSrFsSp1enxSsl1P7x9tQFdSQF-fVHWn0sZ3l9eOk5fvHItbzLRzbU3FcNoY0glPMGJscS7LB5n-PNTo7o1sai9m26hlT1Og34OBWF26xZS5DAWjtnHL_w7iFdRM7fLHbzpPvuiKA4ebP095S7vPLo9-LC2CrQ
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=t2P+rUhzA2Uy5O2&MD=gErbsfcd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /vd4wjea7t HTTP/1.1Host: dobngcx.tytumfqzuutdedh.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com.bo
Source: global traffic	DNS traffic detected: DNS query: dobngcx.tytumfqzuutdedh.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

Source: chromecache_110.1.dr	String found in binary or memory: http://schema.org/WebPage
Source: chromecache_118.1.dr, chromecache_115.1.dr, chromecache_87.1.dr, chromecache_96.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_131.1.dr	String found in binary or memory: https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_si_001_p%26continue%3Dhttps%25
Source: chromecache_118.1.dr, chromecache_115.1.dr, chromecache_113.1.dr, chromecache_107.1.dr, chromecache_110.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_101.1.dr, chromecache_95.1.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://cda-push-dev.sandbox.googleapis.com/upload/
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_103.1.dr	String found in binary or memory: https://content-push.googleapis.com/upload/
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_87.1.dr, chromecache_113.1.dr, chromecache_107.1.dr, chromecache_96.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://embeddedassistant-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAssistant/A
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_87.1.dr, chromecache_96.1.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://lens.google.com/gen204
Source: chromecache_96.1.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/crupload
Source: chromecache_110.1.dr	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chromecache_131.1.dr	String found in binary or memory: https://ogs.google.com/
Source: chromecache_110.1.dr	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chromecache_131.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout
Source: chromecache_110.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chromecache_110.1.dr	String found in binary or memory: https://ogs.google.com/widget/callout?prid=19037050
Source: chromecache_96.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_107.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://push.clients6.google.com/upload/
Source: chromecache_131.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: chromecache_111.1.dr, chromecache_133.1.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_black_16dp.png)
Source: chromecache_111.1.dr, chromecache_133.1.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_white_16dp.png)
Source: chromecache_111.1.dr, chromecache_133.1.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2-light.png)
Source: chromecache_111.1.dr, chromecache_133.1.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2.png)
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_87.1.dr, chromecache_96.1.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: chromecache_87.1.dr, chromecache_101.1.dr, chromecache_95.1.dr, chromecache_96.1.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_113.1.dr, chromecache_107.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_118.1.dr, chromecache_115.1.dr, chromecache_131.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_131.1.dr	String found in binary or memory: https://www.google.com"
Source: chromecache_110.1.dr	String found in binary or memory: https://www.google.com/_/og/promos/
Source: chromecache_131.1.dr	String found in binary or memory: https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png
Source: chromecache_110.1.dr	String found in binary or memory: https://www.google.com/intl/en/about/products
Source: chromecache_87.1.dr, chromecache_101.1.dr, chromecache_95.1.dr, chromecache_96.1.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_92.1.dr, chromecache_103.1.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_131.1.dr	String found in binary or memory: https://www.google.com/url?q
Source: chromecache_110.1.dr	String found in binary or memory: https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_s
Source: chromecache_107.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_107.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_131.1.dr	String found in binary or memory: https://www.gstatic.com
Source: chromecache_131.1.dr	String found in binary or memory: https://www.gstatic.com/_/boq-one-google/_/r/
Source: chromecache_131.1.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.yz8dGmsqVEg.
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_118.1.dr, chromecache_115.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_110.1.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eBPYdy5TlKU.2019.O/rt=j/m=qabr
Source: chromecache_110.1.dr	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.fSHv1dvvroY.L.W.O/m=qcwid
Source: chromecache_103.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49790 version: TLS 1.2

Source: classification engine

Classification label: sus20.phis.win@18/82@22/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1940,i,7030115413195500539,14222212199095660019,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com.bo/url?url=https://lquoytskrlgpgnui&xwi=kbuzszc&lvndxc=qgp&exsci=jlrwlq&cgr=rfzonuz&hkxqn=tjdkfz&nfxv=nflxzvbj&cqfuqhbsmm=dlqdymgwer&q=amp/dobngcx.ty%c2%adtu%c2%admfqzuu%c2%adtde%c2%add%c2%adh%c2%ad.com/vd4wjea7t&svtx=qlrshkg&ugahrok=gkmn&hrsst=xtcvsi&ozefmvx=wgg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1940,i,7030115413195500539,14222212199095660019,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: _.ndb=function(a,b,c,d){_.eoa()&&_.foa.get(a)&&(a=_.Te.get(a),!c&&b&&(c=_.Ue(b)),_.Je(b\|\|document.body,a,{element:b,dataset:c,event:d,jL:void 0,nxb:!0}))};_.odb=function(a,b,c){_.Xga(a,c);return _.tb(a,2,_.Wea(b),_.La())};_.pdb=function(a){return a.previousElementSibling!==void 0?a.previousElementSibling:_.wAa(a.previousSibling,!1)};qdb=function(a,b,c,d,e,f,g){_.cm.call(this,a);this.clientX=c;this.clientY=d;this.left=f!==void 0?f:b.deltaX;this.top=g!==void 0?g:b.deltaY;this.ka=b};_.hh(qdb,_.cm); source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: _.pDb=_.J("zbW2Cf");_.qDb=_.J("OZ3M7e"); source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: [];f=JNb(f,c);!f&&b&&(b=e?a.slice(0,d):a,f=JNb(b,c));return f},LNb=function(a,b){for(var c=a.length-1;c>=0;c--){var d=a[c];if(_.XLb(d,b))return d}},MNb=function(a,b){var c=b===void 0?{}:b;b=c.threshold===void 0?0:c.threshold;c=c.wrap===void 0?!0:c.wrap;var d=INb(a);a=d.pDb;d=d.k9b;var e=d>=0&&d<a.length,f=e?a.slice(0,d+1):[];f=LNb(f,b);!f&&c&&(c=e?a.slice(d+1):a,f=LNb(c,b));return f},NNb=function(a){(0,_.un)(function(){throw a;},0)},ONb=function(a,b){var c;return(c=a.reverse().find(function(d){return d.Ua=== source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: a.Yf.Su("bs",r.body.length);e.push(r.body);break;case 4:t=document.createElement("script");_.Ok.vY(t,_.Cyb(r.body));x=document.createElement("div");x.appendChild(t);e.push(x.innerHTML);break;case 5:z=_.QDb(r.body,_.cHb,function(){return _.fd(Error("th`"+r.body.substr(0,100)),{Of:{l:""+r.body.length,t:a.Zz}})});f=_.mf(z,_.PDb,1,_.nf());g=_.Ch(z,_.Hyb,3)?_.u(z,_.Hyb,3):void 0;break;case 8:B=JSON.parse(r.body);h=Object.assign(h\|\|{},B);break;case 9:break;case 6:case 3:throw Error("uh");case 11:return V.Db(2); source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: var INb=function(a){if(!document.body.contains(a))throw Error("Yf");var b=Array.from(document.body.querySelectorAll("[tabindex], a, input, textarea, select, button"));a=_.$aa(b,a,_.zAa);if(a>=0)return{pDb:b,k9b:a-1,j9b:a+1};a=-a-1;return{pDb:b,k9b:a-1,j9b:a}},JNb=function(a,b){for(var c=0;c<a.length;c++){var d=a[c];if(_.XLb(d,b))return d}},KNb=function(a){var b={};var c=b.threshold===void 0?0:b.threshold;b=b.wrap===void 0?!0:b.wrap;var d=INb(a);a=d.pDb;d=d.j9b;var e=d>=0&&d<a.length,f=e?a.slice(d): source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: _.PDb=function(a){this.Da=_.n(a)};_.C(_.PDb,_.q);_.PDb.prototype.getId=function(){return _.E(this,1)};_.PDb.prototype.ka=function(){return _.E(this,2)}; source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: _.pHb(g,f.target.element)}).then(void 0,function(g){_.Qgc(f.target,"error");throw g;})},Rgc=function(a,b,c,d,e,f,g){return Pgc(a,b,c,d,e,g).fetch().then(function(h){f?f(b):b.log();return h})},Sgc=function(a,b){var c=new Map;b&&(c=zgc(b));c.set("google_abuse",a);return b=Object.fromEntries(c)},Tgc=function(a){_.fd(a,{Of:a.details})},Ugc=function(){_.loa("async",{u:function(a){a=a.qb.el();Ogc(a).then(void 0,Tgc)}});Ggc()},Vgc=_.Sb(_.Hyb),Wgc=_.Sb(_.PDb),Xgc=function(a,b){this.ka=b;this.cache=_.ke(_.ba.ka? source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: var sDb;sDb=function(a){_.rDb=_.td();_.Ne(document,_.pDb,a);return new _.xf(function(b){window.addEventListener("message",function e(d){d.data.type==="dosCookie"&&(window.removeEventListener("message",e),_.Ne(document,_.qDb),b(decodeURIComponent(d.data.exemptionCookie)))})})};_.rDb=null;_.tDb=sDb;_.uDb=!1; source: chromecache_92.1.dr, chromecache_103.1.dr
Source:	Binary string: _.Odb=function(a,b){return Ndb(a.QN,b).then(function(c){if(c.size()>0)return c.Yc(0);throw _.MKa(a,b);})};_.nr=function(a,b,c){b=_.qg(b);return new _.lg(_.rf(a.QN,b,c))};_.or=function(a,b,c){b=_.qg(b);b=_.nr(a,b,c);if(b.size()>=1)return b.Yc(0);throw _.MKa(a,c);};_.Pdb=function(a,b){return _.Rn(a,'[jsname="'+b+'"]')};_.Qdb=function(a){a.oa=null;if(a.oL){if(a.oa){var b=a.oa;b.Oc=a.oL;b.render()}else _.yc(a.oL,_.Nk);_.Wl.Rb(a.oL,!!a.oa)}};_.Rdb=function(a,b){a.fRa=b;a.AP&&_.Wl.Rb(a.AP,a.fRa)}; source: chromecache_87.1.dr, chromecache_96.1.dr
Source:	Binary string: bHb=function(a,b){$Gb(_.Cyb(aHb(a,null,"script")),b)};dHb=function(a,b){var c=_.QDb(a,_.cHb,function(){_.fd(Error("If`"+a.substring(0,100)),{Of:{l:a.length.toString(),t:b}})});_.ba.W_jd\|\|(_.ba.W_jd={});for(var d=_.Ra(_.mf(c,_.PDb,1,_.nf())),e=d.next();!e.done;e=d.next())e=e.value,_.ba.W_jd[e.getId()]=JSON.parse(e.ka());_.Ch(c,_.Hyb,3)&&_.Lyb(_.u(c,_.Hyb,3))}; source: chromecache_92.1.dr, chromecache_103.1.dr

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1528827
Product:	CloudBasic
Start time:	10:28:30
Start date:	08.10.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs