Windows Analysis Report
Invoice INV-0003.pdf

Overview

General Information

Sample name:	Invoice INV-0003.pdf
Analysis ID:	1432212
MD5:	bb2c9ef5ae7baab6b4b2149e0b079506
SHA1:	8b8a386f503169e5cf84e68e30f7c94d64c8be21
SHA256:	ed8acf198b741d8f45bb39f078000262a73267414251948cb5b12da679ee3357
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Signatures

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49706 version: TLS 1.2

Source:	Binary string: _.Vdb=_.C("EEDORb",[_.Gdb,_.Mdb,_.Pdb]); source: chromecache_265.16.dr
Source:	Binary string: _.ku=function(a,b,c,d){var e=void 0===d?{}:d;d=void 0===e.Es?!0:e.Es;e=void 0===e.preventScroll?!1:e.preventScroll;_.PDb(a,b,{Es:d,preventScroll:e});c?_.QDb(a,b,c,{Es:d,preventScroll:e}):b.el().contains(_.Ol(a.oa.Ih()))\|\|RDb(a,b,{Es:d,preventScroll:e})}; source: chromecache_248.16.dr
Source:	Binary string: a.service.yj;this.PDb=a.Kd.PDb};_.G(Wtk,_.F);Wtk.Ga=function(){return{service:{j4b:_.Rtk,yj:_.KE},Kd:{PDb:"Fd92vb"}}}; source: chromecache_256.16.dr
Source:	Binary string: _.Qdb=function(a){_.xn.call(this,a.Ka)};_.G(_.Qdb,_.xn);_.Qdb.nb=_.xn.nb;_.Qdb.Ga=function(){return{}};_.Qdb.prototype.oa=function(a){return _.Xbb(a)};_.zn(_.Pdb,_.Qdb); source: chromecache_265.16.dr
Source:	Binary string: _.PDb=function(a,b,c){c=void 0===c?{}:c;var d=void 0===c.Es?!0:c.Es,e=void 0===c.preventScroll?!1:c.preventScroll;c=SDb(a);var f=SDb(a);_.oe(c.el(),"focus",function(){this.gzb(b,{Es:d,preventScroll:e})},a);_.oe(f.el(),"focus",function(){_.TDb(this,b,{Es:d,preventScroll:e})},a);b.children().first().before(c);b.append(f)}; source: chromecache_248.16.dr
Source:	Binary string: Wtk.prototype.wa=function(){var a=this;this.ka\|\|(this.ka=!0,this.j4b.ABa().then(function(){a.ka=!1;a.yj.reload()},function(){Xtk(a)}))};Wtk.prototype.oa=function(){var a=this;this.ka\|\|(this.ka=!0,Vtk(this.j4b).then(function(){a.ka=!1;a.yj.reload()},function(){Xtk(a)}))};var Xtk=function(a){a.PDb&&(a.PDb.setTimeout(3E4),a.PDb.show());a.ka=!1};_.J(Wtk.prototype,"XZ94se",function(){return this.oa});_.J(Wtk.prototype,"xoizsc",function(){return this.wa});_.J(Wtk.prototype,"i3viod",function(){return this.Aa}); source: chromecache_256.16.dr
Source:	Binary string: _.Pdb=_.C("aurFic"); source: chromecache_265.16.dr
Source:	Binary string: _.fcf=function(a){_.iu.call(this,a.Ka);this.ka=!1;this.container=new _.Vf([]);this.Ba=!1;this.Aa=[];this.wa=[];this.Ha=new _.ODb(null)};_.G(_.fcf,_.iu);_.fcf.nb=_.iu.nb;_.fcf.Ga=_.iu.Ga;_.fcf.prototype.isOpen=function(){return this.ka};_.fcf.prototype.open=function(a,b,c){c=void 0===c?!1:c;this.ka\|\|(this.Ha=new _.ODb(document.activeElement),this.Ja=_.oe(a.el(),_.QCb,this.Qa,this),this.container=a,gcf(this,a),c?_.PDb(this,a):_.ku(this,a,b),this.ka=this.Ba=!0)}; source: chromecache_248.16.dr

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.94.108.142 104.94.108.142
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.50.112.54
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DWP23o5EnE1h4Lz&MD=RHUsShKZ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DWP23o5EnE1h4Lz&MD=RHUsShKZ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGOWRr7EGIjBl3Z8mdV7iuQlXx3vrRkL4AVRIBUGOwGPzUYmxiw-erxFt5zhM4ErcjFfPkRW3OPQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=aAgFRJ-84LrbS9myeZFj7--hl8Dl4FLDUfiX76lTQbi2Vo5UrN8T2kyvmso5OxT9Qmo7_JvmFUzyGh_QG94RwcSkdq4r-AqUEAYA_OpqVQNBnMyLpAmzfueFr-LWRkcvSxq62OizXI3GcnHQUmK96YelFaRGPMZALMKDlzywC7E
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGOWRr7EGIjAHwueNDSQI-WXeAdig1ilxcW5kJRzd2zjnuDDx24OkMugOmCswnljnlrWZEzXJrwEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=1&oit=4&cp=1&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=10&oit=4&cp=2&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104&oit=4&cp=3&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.&oit=4&cp=4&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94&oit=4&cp=6&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.&oit=4&cp=7&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.1&oit=4&cp=8&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109&oit=4&cp=10&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.&oit=4&cp=11&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.1&oit=3&cp=12&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142&oit=3&cp=14&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142%3A&oit=3&cp=15&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142&oit=3&cp=14&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142443&oit=4&cp=17&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /search?q=104.94.109.142443&oq=104.94.109.142443&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA&sourceid=chrome&ie=UTF-8 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=KAN_iKlHLO8R0NKiNKk0WWR6Z4gU4gG-TPOCOwjgtQNuPSfT4mukUg8B3rgwcZpUeZThhdud0p8kEuaohNHeLAcLw0ux1hPsgJBn1gjdnNI3jWHwexkcVfz0HXBxWL9dURbBXp0dPLOVXmf9O3riZSDttRSH47QuZk9GsRQYh5pRA1fVKpGZKKvfHwMuWe6uuVUYxRa19V86h5I4JU8bMZfoqXUPctpZ7ib1akxUq5T0kaC4wuEFOI8V6PwRbaxi1ink_9AZRHy9f4zmxv7kclRLhUX4SKM&cb=7zgrwx65alt9 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=KAN_iKlHLO8R0NKiNKk0WWR6Z4gU4gG-TPOCOwjgtQNuPSfT4mukUg8B3rgwcZpUeZThhdud0p8kEuaohNHeLAcLw0ux1hPsgJBn1gjdnNI3jWHwexkcVfz0HXBxWL9dURbBXp0dPLOVXmf9O3riZSDttRSH47QuZk9GsRQYh5pRA1fVKpGZKKvfHwMuWe6uuVUYxRa19V86h5I4JU8bMZfoqXUPctpZ7ib1akxUq5T0kaC4wuEFOI8V6PwRbaxi1ink_9AZRHy9f4zmxv7kclRLhUX4SKM&cb=7zgrwx65alt9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=KAN_iKlHLO8R0NKiNKk0WWR6Z4gU4gG-TPOCOwjgtQNuPSfT4mukUg8B3rgwcZpUeZThhdud0p8kEuaohNHeLAcLw0ux1hPsgJBn1gjdnNI3jWHwexkcVfz0HXBxWL9dURbBXp0dPLOVXmf9O3riZSDttRSH47QuZk9GsRQYh5pRA1fVKpGZKKvfHwMuWe6uuVUYxRa19V86h5I4JU8bMZfoqXUPctpZ7ib1akxUq5T0kaC4wuEFOI8V6PwRbaxi1ink_9AZRHy9f4zmxv7kclRLhUX4SKM&cb=7zgrwx65alt9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4usRjYkJfr9srSp2HD4-ZZAVZywMgBTv-cvcNDNMdzhtedLDEkllNnkQiQBbtl3h4As3V2Iew446Zxj5dcFMe0MMOrTyv4ts3-hjod8380h_vsvEgOVv7dHXvzSlPNaf0Z9uZQr8h58zsC5_C-Yi198SrWQsa7MZ5u3dpR8HcvIT4q5vas_t9yZ6LuKTyDOaezHVWLaYozqtkSHXw9w1wzsX9jSQ&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA6u0-JMSOaecoCXHzdsX-xxrcVrgCsTYc59nt6KMq8BRd5Ex-67_RPGwRPMTEZi8lNpFhlcgy5Y7-wQWe2KnHVK5ZfToZL-Vmn0Gttkh5Yl8o5rao17hCvwzK1zjndSb_zIf76VRoc2NtYot5-zOEOdfcEXA6g2mN7FHkMnr0u6AnUZuYajaPHwihB0Zx4V6YIUYxUYXrwQdWApHkKoki170EAOfQ&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=ced8fd5d7352b74 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4qo7BvEsw6c5x7L0zWkwDxk41s4QXBFq-UTbLoYi4mYg5pWAHsT9vh8DMhbPPHIyjECIZ4cYU41ywyA8hdRigYZQJnKI4_I3uv32GImq_xmDdqm2nF9i9bAfGu7AlTCwBDt7YWEwIJ3RtEJzTJZfrDDqE8Eyg8H6v_CVaI8sLZw3REAQxg9HgOdQ_aRKGSEE8JfJrWqTp2iL71Gqv5cBxUH_2LMA&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=d14cdf2cf524340b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4qo7BvEsw6c5x7L0zWkwDxk41s4QXBFq-UTbLoYi4mYg5pWAHsT9vh8DMhbPPHIyjECIZ4cYU41ywyA8hdRigYZQJnKI4_I3uv32GImq_xmDdqm2nF9i9bAfGu7AlTCwBDt7YWEwIJ3RtEJzTJZfrDDqE8Eyg8H6v_CVaI8sLZw3REAQxg9HgOdQ_aRKGSEE8JfJrWqTp2iL71Gqv5cBxUH_2LMA&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=abd561db531187e4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA5n2WF8wv-ME7L61a1BMVDol7SKjmXRzD04LO-5qnc5Yo-7Uv3YESGK03INgkSkcBpqFw2IVRslTj_HEYCSE0bVNqb0YyT3pUC2Pe29yUaioY0zttD_Tipl2_G5Tpu8XD-YvFrTqIJ61dTX4sv2npmlKj-lwoCG7y0yslq1m5awBb8XY2F4ks8gOphnefktV5tmjcSue1lYveyn69HCB7uZNEAi1g&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=1868db878e889a63 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /search?q=104.94.109.142443&oq=104.94.109.142443&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA&sourceid=chrome&ie=UTF-8&google_abuse=GOOGLE_ABUSE_EXEMPTION%3DID%3D211ac792a2de2ae0:TM%3D1714145544:C%3Dr:IP%3D102.129.152.220-:S%3DbW_BRuXgiNkknohxpUtoqJ0%3B+path%3D/%3B+domain%3Dgoogle.com%3B+expires%3DFri,+26-Apr-2024+18:32:24+GMT HTTP/1.1Host: www.google.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /search?q=104.94.109.142443&oq=104.94.109.142443&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA&sourceid=chrome&ie=UTF-8 HTTP/1.1Host: www.google.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.s.GGin1mxRzvU.L.W.O/am=gB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ/d=1/ed=1/br=1/rs=ACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=b51YpLo4VR1MIeifPjI6wC1AZiY3GgI94kQnKHVX8ICBbDBgB6C1XG4hPNwsOPh0zeb4QtsPOdjysJlWqeTZk0yQDpcqoBuOXBu5GHyB2hq29z3ahDw9JiGpGyYTB1lqXMlrGtwa4kVVcxFGFVSG8PXDFAkU-VSj6gACLVMtelxQalQ9CTU
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/2x/googlelogo_color_92x30dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=b51YpLo4VR1MIeifPjI6wC1AZiY3GgI94kQnKHVX8ICBbDBgB6C1XG4hPNwsOPh0zeb4QtsPOdjysJlWqeTZk0yQDpcqoBuOXBu5GHyB2hq29z3ahDw9JiGpGyYTB1lqXMlrGtwa4kVVcxFGFVSG8PXDFAkU-VSj6gACLVMtelxQalQ9CTU
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/search?q=104.94.109.142443&oq=104.94.109.142443&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA&sourceid=chrome&ie=UTF-8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=b51YpLo4VR1MIeifPjI6wC1AZiY3GgI94kQnKHVX8ICBbDBgB6C1XG4hPNwsOPh0zeb4QtsPOdjysJlWqeTZk0yQDpcqoBuOXBu5GHyB2hq29z3ahDw9JiGpGyYTB1lqXMlrGtwa4kVVcxFGFVSG8PXDFAkU-VSj6gACLVMtelxQalQ9CTU
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=1/ed=1/dg=2/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bDXwRe:UsyOtc;bFZ6gf:gU6kfd;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;p2tIDb:tp1Cx;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google
Source: global traffic	HTTP traffic detected: GET /verify/AAtmn1bTSyw2hAKlZ3LnbiQ1Wqu5634m12FM1sn670oINgsM5w6AM4xkxQt_rNluBR52tCI5NrrO_xyQcOfIPkLWLk9JFqI6z1l0UNJetPNOAxmS HTTP/1.1Host: id.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=b51YpLo4VR1MIeifPjI6wC1AZiY3GgI94kQnKHVX8ICBbDBgB6C1XG4hPNwsOPh0zeb4QtsPOdjysJlWqeTZk0yQDpcqoBuOXBu5GHyB2hq29z3ahDw9JiGpGyYTB1lqXMlrGtwa4kVVcxFGFVSG8PXDFAkU-VSj6gACLVMtelxQalQ9CTU
Source: global traffic	HTTP traffic detected: GET /compressiontest/gzip.html HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=2&hl=en&authuser=0&pq=104.94.109.142443&psi=C8krZr7QHOyTwbkPuNyGwAw.1714145550203&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV
Source: global traffic	HTTP traffic detected: GET /complete/search?q=104.94.109.142443&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=3&hl=en&authuser=0&pq=104.94.109.142443&psi=C8krZr7QHOyTwbkPuNyGwAw.1714145550203&dpr=1&ofp=EAE HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV
Source: global traffic	HTTP traffic detected: GET /complete/search?q=104.94.109.142443&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=undefined&hl=en&authuser=0&pq=104.94.109.142443&psi=C8krZr7QHOyTwbkPuNyGwAw.1714145550203&dpr=1&ofp=EAE HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=3/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/ck=xjs.s.GGin1mxRzvU.L.W.O/am=gB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKYGgmXAACsCGIADgg0MAAMAQAABCAAjA5oEKARQhIABgAIAggZ__BAAAHACBAQAgZAICBEC4AJIQkIMAAEQwwQCkAgDDjwAAIIAEAAAcoMB-AAEDESA8hAABgACYYPwDoIIAICQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=1/exm=SNUn3,attn,cEt90b,cdos,csi,d,dtl0hd,eHDfl,gwc,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/excm=ABxRVc,AD6AIb,AOTkuc,CVVp5c,FmnE6b,KYXthe,KiXlnd,NsEUGe,Ok4XMd,Ollhtb,PlCTlc,RP6nyf,SpjoE,Ut0TMc,VL58m,WFRJOb,WuIPnb,ZGLUZ,ZrXR8b,bXyZdf,fNMhz,gKO30e,hU1IHe,hWJjIf,rL2AR,xB2dQd,y25qZb,yChgtb/ed=1/dg=0/br=1/ujg=1/rs=ACT90oFHhWzRDSD7HZXJ5E0CbPv4n89phQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bDXwRe:UsyOtc;bFZ6gf:gU6kfd;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;p2tIDb:tp1Cx;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=Eox39d,GElbSc,HYSCof,KHourd,ajbYod,pHXghd,tIj4fb,vrkJ0e,xdV1C?xjs=s1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-m
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1034&bih=870&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=rcm&cad=&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&jsname=gLFyf&zx=1714145552364&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=rcm&cad=&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&jsname=gLFyf&zx=1714145552380&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=rcm&cad=&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&jsname=gLFyf&zx=1714145552500&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.s.GGin1mxRzvU.L.W.O/am=gB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ/d=0/br=1/rs=ACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ/m=y05UD,sy13c,sy1k1,sy1qj,sy1pf,sy1qq,sy2fh,sy13j,sy1pb,sy1pc,sy1pd,sy1qy,sy16x,sy3hx,sy6z8,epYOx,L1AAkb?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=sb_wiz,aa,abd,sy1ee,sy1ek,sy1el,sy1ej,sy1em,sy1yg,async,bgd,sy3z4,sy3z5,foot,sy2jo,sy6iz,kyn,sy1k9,lli,sf,sy1e8,sy1e9,sy3fx,sonic,TxCJfd,sy6y9,sy6ya,qzxzOb,IsdWVc,sy15m,sy170,sy173,sy316,sy6y8,syeq,sy155,sy6yc,spch,tl,MpJwZc,UUJqVe,sy7m,sOXFj,sy7l,s39S4,NTMZac,nAFL3,oGtAuc,sy8f,sy8g,q0xTif,y05UD,sy12g,sy13c,sy13a,sy13b,sy13e,sy13g,sy13h,sy13d,sy13i,sy1k1,sy1k2,sy1ph,sy1pi,sy1qf,sy1qj,sy1p9,sy1qn,sy1pr,sy1pf,sy1po,sy1pp,sy1qq,sy1qr,sy2ge,sy2gf,sy2fh,sy2lf,sy13j,sy13k,sy1pb,sy1pc,sy1pd,sy13x,sy1pg,sy175,sy1pj,syf2,sy142,sy1pk,sy1pl,sy1pm,sy1qy,sy1r0,sy16x,sy3hx,sy3hy,sy6z8,epYOx,synw,synv,rtH1bd,syo2,syxb,syxr,syo0,sy1ef,sy1eg,sy1eh,sy2ot,sy2ou,sy2ov,EkevXb,syzp,syzq,syzr,syzo,syzs,syzn,sy1cd,SMquOb,syzy,sy1ce,sy1cf,sy1cg,sy1ch,sy1ci,d5EhJe,sy1cj,sy1ck,sy1cl,syzt,syzu,sy1au,sy1cn,sy1co,zx30Y,syyf,sy1d9,sy1da,sy1db,sy1dc,sy1dd,sy1df,sy1de,T1HOxc,sy1dh,sy1di,DQfvme,syzl,sy1dj,Wo3n8,synz,L1AAkb,sy1f2,SZXsif,sy1zj,fiAufb,syn5,syos,syor,sy2xd,sy3yf,sy40p,sy40q,sy40o,sy4e7,sYEX8b,sy4u7,GU4Gab,sy3a5,T5VV,sy1zu,aDVF7,sy4u9,rhYw1b,E9M6Uc,Zilivc,syzw,sy11c,sy1cp,sy10i,sy10j,sy10e,sy10f,sy10g,sy10h,sy10d,sy10l,sy10m,sy10k,sy10n,sy10o,sy113,sy114,sy10u,sy10y,sy10z,sy110,sy111,sy10v,sy115,sy112,sy10s,sy10t,sy10r,sy10q,sy12p,sy1ii,sy1ik,sy1ij,sy1im,sy1il,sy1ip,sy1io,sy2mu,sy2mx,sy2n5,sy2n2,sy2n6,sy116,sy118,sy119,sy2mv,sy2n7,sy2n9,Hlw0zd,M6QgBb,sy2ni,sy2nj,EO13pd,RagDlc?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySw
Source: global traffic	HTTP traffic detected: GET /logos/fnbx/zrp/full_yeti.json HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQIBRAA..i&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cid=10943804590251964565&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-DoS-Behavior: Embedsec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQICBAA..i&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cid=10194214981100978668&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-DoS-Behavior: Embedsec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQIBhAA..i&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cid=4586455008918215834&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-DoS-Behavior: Embedsec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=uKlGbf,syyj,sy3ze,DpX64d,sy3zf,EufiNb,sy1fp,P10Owf,syy4,syzv,gSZvdb,sy5ul,vTw9Fc,sym1,syoh,syoi,syoj,syok,syol,DPreE,sy2tx,qcH9Lc,sy3l6,ROaKxe,sy3l8,sy3l9,pj8IAe,sy15a,sy37l,sy3lf,sy3zm,YFicMc?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /async/bgasy?ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cs=0&async=_fmt:jspb HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-DoS-Behavior: Embedsec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=sy3zk,sy4e6,w4UyN,sywu,sywv,EbPKJf,sy4tu,sy72c,J9Q59e,sy4tv,a6Sgfb,Tia57b,KpRAue,sy1kd,NyeqM,sy2t9,sy2ta,O9SqHb?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=sywy,syx0,syx1,WlNQGd,sy2mm,sy2mn,nabPbb,syww,sywx,sywz,CnSW2d,sy1f9,sy1fa,sy1fb,sy1fc,sy1fd,sy1fe,sy4dj,sy6y6,VD4Qme,syf9,BYwJlf,syns,syo1,syo6,VEbNoe,symg,sy2ob,sy2oc,sy5a0,ND0kmf,pjDTFb,sy1wv,sy2t7,sy2tg,sy2th,KgxeNb,sy2tc,khkNpe?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg; NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=syfc,syfd,aLUfP?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg; NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=kMFpHd,sy8s,bm51tf?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg; NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=C8krZr7QHOyTwbkPuNyGwAw&zx=1714145560773&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg; NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142443&oit=4&cp=15&url=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&pgcl=9&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: id.google.com

Source: unknown

HTTP traffic detected: POST /recaptcha/api2/reload?k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 7790sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-protobufferAccept: */*Origin: https://www.google.comX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g

Source: chromecache_246.16.dr	String found in binary or memory: http://schema.org/SearchResultsPage
Source: Invoice INV-0003.pdf	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: Invoice INV-0003.pdf	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: Invoice INV-0003.pdf	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: chromecache_285.16.dr	String found in binary or memory: http://www.broofa.com
Source: 57976eb8-e795-42a2-ae2a-36f82186c22f.tmp.3.dr, e1a9dfbb-a1c2-45d1-94ed-f4999b77d8cf.tmp.3.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: chromecache_242.16.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_242.16.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_248.16.dr	String found in binary or memory: https://content-push.googleapis.com/upload/
Source: chromecache_242.16.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_242.16.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_242.16.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_248.16.dr	String found in binary or memory: https://embeddedassistant-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAssistant/A
Source: chromecache_285.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_285.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_285.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_285.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_274.16.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_248.16.dr	String found in binary or memory: https://lens.google.com/gen204
Source: chromecache_242.16.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_248.16.dr	String found in binary or memory: https://push.clients6.google.com/upload/
Source: chromecache_242.16.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_248.16.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_242.16.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_242.16.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_242.16.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_242.16.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_274.16.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: chromecache_274.16.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_242.16.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_265.16.dr	String found in binary or memory: https://www.google.
Source: chromecache_285.16.dr	String found in binary or memory: https://www.google.com
Source: chromecache_274.16.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_265.16.dr	String found in binary or memory: https://www.google.com/logos/fnbx/zrp/full_yeti.json
Source: chromecache_265.16.dr	String found in binary or memory: https://www.google.com/logos/fnbx/zrp/full_yeti_dm.json
Source: chromecache_264.16.dr, chromecache_242.16.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_248.16.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_248.16.dr	String found in binary or memory: https://www.googleapis.com/language/translate/v2
Source: chromecache_242.16.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
Source: chromecache_265.16.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/lottie/lottie_light.js
Source: chromecache_285.16.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_285.16.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_285.16.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_264.16.dr, chromecache_244.16.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
Source: chromecache_248.16.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49706 version: TLS 1.2

Source: classification engine

Classification label: clean1.winPDF@47/160@4/6

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 17-30-52-579.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice INV-0003.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1568,i,12462945902927182256,8710539947262449294,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1924,i,1629623515606547392,5655261091976178097,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1568,i,12462945902927182256,8710539947262449294,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1924,i,1629623515606547392,5655261091976178097,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: _.Vdb=_.C("EEDORb",[_.Gdb,_.Mdb,_.Pdb]); source: chromecache_265.16.dr
Source:	Binary string: _.ku=function(a,b,c,d){var e=void 0===d?{}:d;d=void 0===e.Es?!0:e.Es;e=void 0===e.preventScroll?!1:e.preventScroll;_.PDb(a,b,{Es:d,preventScroll:e});c?_.QDb(a,b,c,{Es:d,preventScroll:e}):b.el().contains(_.Ol(a.oa.Ih()))\|\|RDb(a,b,{Es:d,preventScroll:e})}; source: chromecache_248.16.dr
Source:	Binary string: a.service.yj;this.PDb=a.Kd.PDb};_.G(Wtk,_.F);Wtk.Ga=function(){return{service:{j4b:_.Rtk,yj:_.KE},Kd:{PDb:"Fd92vb"}}}; source: chromecache_256.16.dr
Source:	Binary string: _.Qdb=function(a){_.xn.call(this,a.Ka)};_.G(_.Qdb,_.xn);_.Qdb.nb=_.xn.nb;_.Qdb.Ga=function(){return{}};_.Qdb.prototype.oa=function(a){return _.Xbb(a)};_.zn(_.Pdb,_.Qdb); source: chromecache_265.16.dr
Source:	Binary string: _.PDb=function(a,b,c){c=void 0===c?{}:c;var d=void 0===c.Es?!0:c.Es,e=void 0===c.preventScroll?!1:c.preventScroll;c=SDb(a);var f=SDb(a);_.oe(c.el(),"focus",function(){this.gzb(b,{Es:d,preventScroll:e})},a);_.oe(f.el(),"focus",function(){_.TDb(this,b,{Es:d,preventScroll:e})},a);b.children().first().before(c);b.append(f)}; source: chromecache_248.16.dr
Source:	Binary string: Wtk.prototype.wa=function(){var a=this;this.ka\|\|(this.ka=!0,this.j4b.ABa().then(function(){a.ka=!1;a.yj.reload()},function(){Xtk(a)}))};Wtk.prototype.oa=function(){var a=this;this.ka\|\|(this.ka=!0,Vtk(this.j4b).then(function(){a.ka=!1;a.yj.reload()},function(){Xtk(a)}))};var Xtk=function(a){a.PDb&&(a.PDb.setTimeout(3E4),a.PDb.show());a.ka=!1};_.J(Wtk.prototype,"XZ94se",function(){return this.oa});_.J(Wtk.prototype,"xoizsc",function(){return this.wa});_.J(Wtk.prototype,"i3viod",function(){return this.Aa}); source: chromecache_256.16.dr
Source:	Binary string: _.Pdb=_.C("aurFic"); source: chromecache_265.16.dr
Source:	Binary string: _.fcf=function(a){_.iu.call(this,a.Ka);this.ka=!1;this.container=new _.Vf([]);this.Ba=!1;this.Aa=[];this.wa=[];this.Ha=new _.ODb(null)};_.G(_.fcf,_.iu);_.fcf.nb=_.iu.nb;_.fcf.Ga=_.iu.Ga;_.fcf.prototype.isOpen=function(){return this.ka};_.fcf.prototype.open=function(a,b,c){c=void 0===c?!1:c;this.ka\|\|(this.Ha=new _.ODb(document.activeElement),this.Ja=_.oe(a.el(),_.QCb,this.Qa,this),this.container=a,gcf(this,a),c?_.PDb(this,a):_.ku(this,a,b),this.ka=this.Ba=!0)}; source: chromecache_248.16.dr

Source: Invoice INV-0003.pdf	Initial sample: PDF keyword /JS count = 0
Source: Invoice INV-0003.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Invoice INV-0003.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.94.108.142	unknown	United States	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.35.228	www.google.com	United States	15169	GOOGLEUS	false
142.250.66.195	id.google.com	United States	15169	GOOGLEUS	false
104.94.109.142	unknown	United States	16625	AKAMAI-ASUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
id.google.com	142.250.66.195	true
www.google.com	142.251.35.228	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_92x30dp.png	false		high
https://www.google.com/gen_204?atyp=csi&ei=C8krZr7QHOyTwbkPuNyGwAw&s=jsa&jsi=s,st.9536,tni.0,atni.243,et.click,n.vZr2rb,cn.4,ie.0,vi.1&zx=1714145552365&opi=89978449	false		high
https://www.google.com/gen_204?atyp=csi&ei=FMkrZpvZMreZwt0PnberCA&s=async&astyp=asyncContextualTask&ima=0&imn=0&mem=ujhs.17,tjhs.21,jhsl.2173,dm.8&nv=ne.2,feid.6b7c86dd-5656-4e17-b8e8-3066ab3bf4fd&hp=&rt=ttfb.1870,st.1870,bs.0,aaft.1870,acrt.1871,art.1871&zx=1714145555853&opi=89978449	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.&oit=4&cp=11&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&bl=jahV&s=web&zx=1714145550199&opi=89978449	false		high
https://www.google.com/recaptcha/api2/userverify?k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	false		high
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA4usRjYkJfr9srSp2HD4-ZZAVZywMgBTv-cvcNDNMdzhtedLDEkllNnkQiQBbtl3h4As3V2Iew446Zxj5dcFMe0MMOrTyv4ts3-hjod8380h_vsvEgOVv7dHXvzSlPNaf0Z9uZQr8h58zsC5_C-Yi198SrWQsa7MZ5u3dpR8HcvIT4q5vas_t9yZ6LuKTyDOaezHVWLaYozqtkSHXw9w1wzsX9jSQ&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	false		high
https://www.google.com/search?q=104.94.109.142443&oq=104.94.109.142443&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA&sourceid=chrome&ie=UTF-8	false		high
https://www.google.com/async/bgasy?ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cs=0&async=_fmt:jspb	false		high
https://www.google.com/xjs/_/ss/k=xjs.s.GGin1mxRzvU.L.W.O/am=gB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ/d=1/ed=1/br=1/rs=ACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl	false		high
https://id.google.com/verify/AAtmn1bTSyw2hAKlZ3LnbiQ1Wqu5634m12FM1sn670oINgsM5w6AM4xkxQt_rNluBR52tCI5NrrO_xyQcOfIPkLWLk9JFqI6z1l0UNJetPNOAxmS	false		high
https://www.google.com/async/asyncContextualTask?vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQIBhAA..i&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cid=4586455008918215834&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ,_fmt:prog,_id:rNi7Zc	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQICBAA.FMkrZviwC9-LwbkP7beSmAM.s&bl=jahV&s=web&zx=1714145555788&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ct=rcm&cad=&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&jsname=gLFyf&zx=1714145552380&opi=89978449	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://www.google.com/gen_204?oq=*****************&gs_lp=Egxnd3Mtd2l6LXNlcnAiESoqKioqKioqKioqKioqKioqSLxxUABYAHAFeACQAQCYAeIIoAHiCKoBAzctMbgBFsgBAJgCAKACAJgDAIgGAZIHAKAHRQ&sclient=gws-wiz-serp&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449	false		high
https://www.google.com/async/asyncContextualTask?vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQIBRAA..i&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cid=10943804590251964565&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ,_fmt:prog,_id:rNi7Zc	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&bl=jahV&s=web&zx=1714145552381&opi=89978449	false		high
https://104.94.109.142:443/	false	Avira URL Cloud: safe	unknown
https://www.google.com/gen_204?atyp=csi&ei=C8krZr7QHOyTwbkPuNyGwAw&s=jsa&jsi=s,st.7364,t.249,at.249,et.click,n.vZr2rb,cn.1,ie.0,vi.1&zx=1714145550198&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=C8krZr7QHOyTwbkPuNyGwAw&zx=1714145560773&opi=89978449	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=10&oit=4&cp=2&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/complete/search?q=104.94.109.142443&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=3&hl=en&authuser=0&pq=104.94.109.142443&psi=C8krZr7QHOyTwbkPuNyGwAw.1714145550203&dpr=1&ofp=EAE	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&ct=slh&v=t1&im=M&pv=0.14650127985811778&me=55:1714145554525,V,0,0,0,0:6249,V,0,0,1034,870:4089,e,B&zx=1714145564863&opi=89978449	false		high
https://www.google.com/gen_204?s=web&t=cap&atyp=csi&ei=C8krZr7QHOyTwbkPuNyGwAw&rt=wsrt.3948,cbt.197,hst.197&opi=89978449	false		high
https://www.google.com/xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=syfc,syfd,aLUfP?xjs=s3	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142&oit=3&cp=14&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=kMFpHd,sy8s,bm51tf?xjs=s3	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109&oit=4&cp=10&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/favicon.ico	false		high
https://www.google.com/sorry/index	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142443&oit=4&cp=17&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/async/asyncContextualTask?vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQICBAA..i&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cid=10194214981100978668&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ,_fmt:prog,_id:rNi7Zc	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&dt19=2&zx=1714145555816&opi=89978449	false		high
https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp	false		high
https://www.google.com/gen_204?atyp=csi&ei=C8krZr7QHOyTwbkPuNyGwAw&s=jsa&jsi=s,st.9793,tni.0,atni.2,et.click,n.vZr2rb,cn.5,ie.0,vi.1&zx=1714145552381&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&bl=jahV&s=web&zx=1714145552366&opi=89978449	false		high
https://www.google.com/gen_204?atyp=csi&ei=FMkrZviwC9-LwbkP7beSmAM&s=async&astyp=asyncContextualTask&ima=0&imn=0&mem=ujhs.17,tjhs.21,jhsl.2173,dm.8&nv=ne.2,feid.6b7c86dd-5656-4e17-b8e8-3066ab3bf4fd&hp=&rt=ttfb.1802,st.1803,bs.0,aaft.1803,acrt.1806,art.1806&zx=1714145555787&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ct=rcm&cad=&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&jsname=gLFyf&zx=1714145552364&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQIBhAA.FMkrZpvZMreZwt0PnberCA.s&bl=jahV&s=web&zx=1714145555853&opi=89978449	false		high
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA6u0-JMSOaecoCXHzdsX-xxrcVrgCsTYc59nt6KMq8BRd5Ex-67_RPGwRPMTEZi8lNpFhlcgy5Y7-wQWe2KnHVK5ZfToZL-Vmn0Gttkh5Yl8o5rao17hCvwzK1zjndSb_zIf76VRoc2NtYot5-zOEOdfcEXA6g2mN7FHkMnr0u6AnUZuYajaPHwihB0Zx4V6YIUYxUYXrwQdWApHkKoki170EAOfQ&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=ced8fd5d7352b74	false		high
https://www.google.com/xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=sb_wiz,aa,abd,sy1ee,sy1ek,sy1el,sy1ej,sy1em,sy1yg,async,bgd,sy3z4,sy3z5,foot,sy2jo,sy6iz,kyn,sy1k9,lli,sf,sy1e8,sy1e9,sy3fx,sonic,TxCJfd,sy6y9,sy6ya,qzxzOb,IsdWVc,sy15m,sy170,sy173,sy316,sy6y8,syeq,sy155,sy6yc,spch,tl,MpJwZc,UUJqVe,sy7m,sOXFj,sy7l,s39S4,NTMZac,nAFL3,oGtAuc,sy8f,sy8g,q0xTif,y05UD,sy12g,sy13c,sy13a,sy13b,sy13e,sy13g,sy13h,sy13d,sy13i,sy1k1,sy1k2,sy1ph,sy1pi,sy1qf,sy1qj,sy1p9,sy1qn,sy1pr,sy1pf,sy1po,sy1pp,sy1qq,sy1qr,sy2ge,sy2gf,sy2fh,sy2lf,sy13j,sy13k,sy1pb,sy1pc,sy1pd,sy13x,sy1pg,sy175,sy1pj,syf2,sy142,sy1pk,sy1pl,sy1pm,sy1qy,sy1r0,sy16x,sy3hx,sy3hy,sy6z8,epYOx,synw,synv,rtH1bd,syo2,syxb,syxr,syo0,sy1ef,sy1eg,sy1eh,sy2ot,sy2ou,sy2ov,EkevXb,syzp,syzq,syzr,syzo,syzs,syzn,sy1cd,SMquOb,syzy,sy1ce,sy1cf,sy1cg,sy1ch,sy1ci,d5EhJe,sy1cj,sy1ck,sy1cl,syzt,syzu,sy1au,sy1cn,sy1co,zx30Y,syyf,sy1d9,sy1da,sy1db,sy1dc,sy1dd,sy1df,sy1de,T1HOxc,sy1dh,sy1di,DQfvme,syzl,sy1dj,Wo3n8,synz,L1AAkb,sy1f2,SZXsif,sy1zj,fiAufb,syn5,syos,syor,sy2xd,sy3yf,sy40p,sy40q,sy40o,sy4e7,sYEX8b,sy4u7,GU4Gab,sy3a5,T5VV,sy1zu,aDVF7,sy4u9,rhYw1b,E9M6Uc,Zilivc,syzw,sy11c,sy1cp,sy10i,sy10j,sy10e,sy10f,sy10g,sy10h,sy10d,sy10l,sy10m,sy10k,sy10n,sy10o,sy113,sy114,sy10u,sy10y,sy10z,sy110,sy111,sy10v,sy115,sy112,sy10s,sy10t,sy10r,sy10q,sy12p,sy1ii,sy1ik,sy1ij,sy1im,sy1il,sy1ip,sy1io,sy2mu,sy2mx,sy2n5,sy2n2,sy2n6,sy116,sy118,sy119,sy2mv,sy2n7,sy2n9,Hlw0zd,M6QgBb,sy2ni,sy2nj,EO13pd,RagDlc?xjs=s3	false		high
https://www.google.com/recaptcha/api2/reload?k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.&oit=4&cp=7&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/client_204?atyp=i&biw=1034&bih=870&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&ct=slh&v=t1&m=HV&pv=0.14650127985811778&me=1:1714145547008,V,0,0,1034,870:0,B,1812:0,N,1,C8krZr7QHOyTwbkPuNyGwAw:0,R,1,9,24,36,92,34:0,R,1,CA0QAA,28,88,1065,57:0,R,1,CA0QAQ,28,88,670,45:0,R,1,CBIQAA,28,88,36,45:0,R,1,CBIQAQ,28,102,36,31:0,R,1,CBEQAA,66,90,66,42:0,R,1,CBEQAQ,66,90,66,42:0,R,1,CA8QAA,133,90,79,42:0,R,1,CA8QAQ,133,90,79,42:0,R,1,CBAQAA,215,90,54,42:0,R,1,CBAQAQ,215,90,54,42:0,R,1,CA4QAA,271,90,63,42:0,R,1,CA4QAQ,271,90,63,42:0,R,1,CAEQAA,28,202,652,1496:0,R,1,CAoQAQ,28,348,652,1350:3217,x:14,T:0,R,1,9,24,36,92,34:0,R,1,CA0QAA,28,88,951,57:0,R,1,CA0QAQ,28,88,670,45:0,R,1,CBIQAA,28,88,36,45:0,R,1,CBIQAQ,28,102,36,31:0,R,1,CBEQAA,66,90,66,42:0,R,1,CBEQAQ,66,90,66,42:0,R,1,CA8QAA,133,90,79,42:0,R,1,CA8QAQ,133,90,79,42:0,R,1,CBAQAA,215,90,54,42:0,R,1,CBAQAQ,215,90,54,42:0,R,1,CA4QAA,271,90,63,42:0,R,1,CA4QAQ,271,90,63,42:0,R,1,CAEQAA,28,202,652,1496:0,R,1,CAoQAQ,28,348,652,1350:7,T:0,R,1,9,24,36,92,34:0,R,1,CA0QAA,28,88,951,57:0,R,1,CA0QAQ,28,88,670,45:0,R,1,CBIQAA,28,88,36,45:0,R,1,CBIQAQ,28,102,36,31:0,R,1,CBEQAA,66,90,66,42:0,R,1,CBEQAQ,66,90,66,42:0,R,1,CA8QAA,133,90,79,42:0,R,1,CA8QAQ,133,90,79,42:0,R,1,CBAQAA,215,90,54,42:0,R,1,CBAQAQ,215,90,54,42:0,R,1,CA4QAA,271,90,63,42:0,R,1,CA4QAQ,271,90,63,42:0,R,1,CAEQAA,28,202,652,1496:0,R,1,CAoQAQ,28,348,652,1350:1258,V,0,0,0,0:3019,V,0,0,1034,870:1,e,B&zx=1714145554524&opi=89978449	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=1&oit=4&cp=1&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGOWRr7EGIjAHwueNDSQI-WXeAdig1ilxcW5kJRzd2zjnuDDx24OkMugOmCswnljnlrWZEzXJrwEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://www.google.com/xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=uKlGbf,syyj,sy3ze,DpX64d,sy3zf,EufiNb,sy1fp,P10Owf,syy4,syzv,gSZvdb,sy5ul,vTw9Fc,sym1,syoh,syoi,syoj,syok,syol,DPreE,sy2tx,qcH9Lc,sy3l6,ROaKxe,sy3l8,sy3l9,pj8IAe,sy15a,sy37l,sy3lf,sy3zm,YFicMc?xjs=s3	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&bl=jahV&s=web&zx=1714145552180&opi=89978449	false		high
https://www.google.com/compressiontest/gzip.html	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142%3A&oit=3&cp=15&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=sy3zk,sy4e6,w4UyN,sywu,sywv,EbPKJf,sy4tu,sy72c,J9Q59e,sy4tv,a6Sgfb,Tia57b,KpRAue,sy1kd,NyeqM,sy2t9,sy2ta,O9SqHb?xjs=s3	false		high
https://www.google.com/recaptcha/api.js	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94&oit=4&cp=6&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGOWRr7EGIjBl3Z8mdV7iuQlXx3vrRkL4AVRIBUGOwGPzUYmxiw-erxFt5zhM4ErcjFfPkRW3OPQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104&oit=4&cp=3&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142443&oit=4&cp=15&url=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&pgcl=9&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/complete/search?q=104.94.109.142443&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=undefined&hl=en&authuser=0&pq=104.94.109.142443&psi=C8krZr7QHOyTwbkPuNyGwAw.1714145550203&dpr=1&ofp=EAE	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.1&oit=4&cp=8&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m	false		high
https://www.google.com/gen_204?atyp=csi&ei=C8krZr7QHOyTwbkPuNyGwAw&s=web&t=all&imn=8&ima=2&imad=1&imac=0&wh=870&aft=1&aftp=870&adh=tv.-188&cls=0.0010946031434360575&ime=0&imex=0&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.17,tjhs.21,jhsl.2173,dm.8&nv=ne.2,feid.6b7c86dd-5656-4e17-b8e8-3066ab3bf4fd&net=dl.1300,ect.3g,rtt.350&hp=&sys=hc.4&p=bs.false&rt=hst.197,cbt.197,sct.429,prt.558,xjspls.1199,xjsls.1199,afti.1311,afts.474,aft.1311,aftqf.1313,dcl.2394,xjses.3600,xjsee.3640,xjs.3640,lcp.566,fcp.364,wsrt.3948,cst.331,dnst.0,rdxt.3197,rqst.1107,rspt.695,sslt.331,rqstt.3536,unt.3203,cstt.3205,dit.6342&zx=1714145550215&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&bl=jahV&s=web&zx=1714145552501&opi=89978449	false		high
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA4qo7BvEsw6c5x7L0zWkwDxk41s4QXBFq-UTbLoYi4mYg5pWAHsT9vh8DMhbPPHIyjECIZ4cYU41ywyA8hdRigYZQJnKI4_I3uv32GImq_xmDdqm2nF9i9bAfGu7AlTCwBDt7YWEwIJ3RtEJzTJZfrDDqE8Eyg8H6v_CVaI8sLZw3REAQxg9HgOdQ_aRKGSEE8JfJrWqTp2iL71Gqv5cBxUH_2LMA&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=abd561db531187e4	false		high
https://www.google.com/gen_204?atyp=i&ct=rcm&cad=&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&jsname=gLFyf&zx=1714145552500&opi=89978449	false		high
https://www.google.com/logos/fnbx/zrp/full_yeti.json	false		high
https://www.google.com/async/newtab_promos	false		high
https://www.google.com/gen_204?atyp=csi&ei=E8krZtq0O5DvkvQPhcq9oAE&s=async&astyp=asyncContextualTask&ima=0&imn=0&mem=ujhs.17,tjhs.21,jhsl.2173,dm.8&nv=ne.2,feid.6b7c86dd-5656-4e17-b8e8-3066ab3bf4fd&hp=&rt=ttfb.1013,st.1014,bs.0,aaft.1014,acrt.1015,art.1015&zx=1714145554994&opi=89978449	false		high
https://www.google.com/client_204?cs=1&opi=89978449	false		high
https://www.google.com/gen_204?atyp=csi&ei=C8krZr7QHOyTwbkPuNyGwAw&s=jsa&jsi=s,st.8916,tni.0,atni.2,et.click,n.vZr2rb,cn.2,ie.0,vi.1&zx=1714145551503&opi=89978449	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	49D5B680BBA8CD5C3273D844C4D4FD29	2F6B8CA44B2F3426CF4B9722C49C243EB692884C	3836E6B1CAF5FBE6F45A8DE376E7F9A9432CC4EFFE1D15485474E7B279302F6C
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)	ASCII text	49D5B680BBA8CD5C3273D844C4D4FD29	2F6B8CA44B2F3426CF4B9722C49C243EB692884C	3836E6B1CAF5FBE6F45A8DE376E7F9A9432CC4EFFE1D15485474E7B279302F6C
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG	ASCII text	C211F8BEF795A6BB354643F27C4D353F	BF4612CA8806996A76CF78B0C8D111C860353ED5	C34D18BD49906765B4656DC48114D47BCEE5F14B4C6E144C2AC2E372AEA53DC3
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)	ASCII text	C211F8BEF795A6BB354643F27C4D353F	BF4612CA8806996A76CF78B0C8D111C860353ED5	C34D18BD49906765B4656DC48114D47BCEE5F14B4C6E144C2AC2E372AEA53DC3
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\57976eb8-e795-42a2-ae2a-36f82186c22f.tmp	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5d434e.TMP (copy)	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e1a9dfbb-a1c2-45d1-94ed-f4999b77d8cf.tmp	JSON data	92476288EED9B016E076AA201F8FF1A1	12C87EB06CC2D70F38A500B46312C943F9E1C923	C56636D6AC981EA596D5CE86ED8319694B86980FBEA8853E92EBD03631842858
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log	data	B6EA77E93B0FE91F9E82E4C30247592C	2A63F64917802D72A45BC5E91FB503B77A9A16EA	BC9F2245B9D4116BEAD7E19BC3A41E606459101F1E9AE21B6830234A2E1C201B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG	ASCII text	B60A7EAC633E546CE0CCD81E06E71178	D1C48895FF229B49D327645758FCD6B31C5EC9A5	CED1746EC25BD55C27001FD93A390A023CDF3ECA9F41273D67D14795E39E32D3
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)	ASCII text	B60A7EAC633E546CE0CCD81E06E71178	D1C48895FF229B49D327645758FCD6B31C5EC9A5	CED1746EC25BD55C27001FD93A390A023CDF3ECA9F41273D67D14795E39E32D3
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426153055Z-179.bmp	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54	7EEC63D80382686E8698B6E513B9D565	F6B7C0239D3859210E86F79C6323D4ADABF49E07	C16B5A23013B21FD4C019337CC5BB3DF467615F2A5751AD8353833ED85143487
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2	A4D5FECEFE05F21D6F81ACF4D9A788CF	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	4EAE1F64BCE86D1869B60440149B1D61	61FCB7BB5C050FE70E77E9F1C36D416ECB4FF8E8	0EBCC8A7A67CC4B70AA8A11728EF8997AD57BD31FF4FC809E44BC512A5A28A94
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID	JSON data	1AF73C46D83C2CAC37F9C2F591E21FB2	134B4A8B1D028E3BEB800B7EADDFF5B22B5F3E4D	56F0F38215AD40337A4C3BD2AE1AC5813DCE3DA06C055DCEE6CFC58D994516C4
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface	JSON data	BBE5C9182919ADE311253734A4E597FD	90B26CF698BD241099F4DB1390B8B4BCBABB056A	6F84B25060BC13C53C675B7C9A1E4775660230BEC9307DB99854F8F56B266976
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface	JSON data	07BD490AD7332059C0A1C7C8BBB81414	80D99A597EB35E6BCC17946EDA88E35690498E44	F9A1B5F97CCC869DEA497BD9D79E3543C327C4825FF8BDC6A2BB91E53A9D4542
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD	JSON data	0E8A1A100403557771A9B751EE7997D0	42ACA80200A9A5947EA6BB723CC90C66C7B51487	CFAAB1BE743371903AB5BCC707C5D063023C4E83434400E81A37A1810911138E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner	JSON data	0E0D6E11106FCD096204A57A9E97731E	8C7D10000540353CB94B1393EF57BE026DFD1EEB	0357C7663E807401006A87E366FBEEC2F89EEB1452A38BAC8793B746BE4E753A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner	JSON data	75BE660E6B5B792DA5BB08A8C7C1CC28	6D20888F4A57F5356B83FE3F3502F88911BD0D3D	B38CDD71C7F2157BC07282BD443163FB5DEF5D6511B1F4EEBCDC4BE4BE3F7257
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention	JSON data	01A96126964256D95D9B8FDCA0EC35BE	36187EB98390BD27DB1DC2A69C8E5B71CAE3ABE0	1AD45AFF57B78379551625F4041C743B42AD6A972DE55138BB00B3A4A6BE52E1
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner	JSON data	D91EFCB86CAB7072AE3712A20E9E2C7D	724020B4B7DC7CF7696733C80B87E17E2412F395	DA8B3163886EBB8AB80D0A70E17432052D2EFF242ECC2C280249211CF5F26F31
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner	JSON data	444256ABFB5AEE022FD6183E5069E613	27C2931C852448C3C244D27300A3D7A243AB8C00	EA0D46CE3AE605E94DDC0322270921E128DD86533BC37C1044CF60922A899CB8
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner	JSON data	B88703FFF71286814870B802606F1130	C2FAB5B3E1A4003CF5739895BD6457BCA55FFCDD	637517985AB827966A63852C4C4666E89F6C5AF52CE0CD6200901E07A1CDF320
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner	JSON data	73C26D50650F1F81BABBBAD9A0EE80FA	1D0DB7233CB0E04E6EF48F519A4C5C8ABA41E46D	B639786906081A7A7C98D6DF09DA1453E705688121F989C41B1168240FE615B2
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner	JSON data	723D5F7A3AEE7412AF8DF4F973C6C7FC	BBDD0232E5F4323FD3B16E876CE6CA2389121882	6C77B69CA2821A2C7BF8290D33D6CDDA52158AD72F6DA8F5B8010A5D30A59826
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention	JSON data	5DD9DB1762288A1401A6FF87B2652E1F	BD9EA83C150E95F8CBCCF547F4FEE3DD230029AC	C0135265679EAF164ABDFAEA4442A113481A5C68577D9866C79BD430B00C637E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner	JSON data	4405C632D543424271D56785D9CD3A14	67148C7EAEB00E9D29BCBA7ADC2818C2E7A0A488	B005934E555C384958C7E5250810821BD3A1F372A22E4BADA60527717DEDC162
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards	JSON data	53B07BC2B38FAA3CD9659CD58F9A00A6	6AE721D41E75AAD3E55DDE0532161C0F3DCF4F01	9CC1D1753EB41D539DA4C14D25604905380B45F4A3813E8E2B4D3F9F627A7C90
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020	JSON data	923C6022835949BD9C41650B7D673BF9	56328A0952DAAA26DA894EDCE9D2A40CFBBD4645	ECE86631E764D50B5B20F639DE935FFE12DDC338BF25F285E53B28C2373F44BE
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json	JSON data	E91C65130F58F20AC2083DFA0FC4B34F	7AB8F8196C3CC8126F3DCA16E2CCE7C40A5B8000	294FAA6D01702AE6A817C966DFF31FFCD408713BF9238628F20B09C5D0054C35
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19	064F04489A61C6C35740C30656E41B8A	018C673642F4ECB6D824E69EA162FFD2EE30B454	1CCAC2F2325F8839CA2789212BD3EE24F5BE0B6488A2F58BC734E3EBC2236C47
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal	SQLite Rollback Journal	5EFC50683AA3B03005761A08403D427B	98B353625967D023ABF9629E4C1E09A811626DFC	1350777960A6B10DA56A5E6AC0FAE16CE02E7DAFD83D94AA1E5583809060E566
C:\Users\user\AppData\Local\Temp\MSIc3633.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	285ED59044CDDEF37FCB1BA9B5A501A6	785456C87668A6B781AE6037F36357DC3782DEC4	A5EEA742D0F441B2812C647A5F4E791146CAE9996AA7267D08D0645A15E54CA0
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 17-30-52-579.log	ASCII text, with very long lines (393)	91F06491552FC977E9E8AF47786EE7C1	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log	ASCII text, with very long lines (393), with CRLF line terminators	0DAB6BBACB4A5E853973A061077625F5	C10A9A7D3A80AB52587FB961167CA75FA00F7694	09B83DB41436F938BE89D716D2419C4101422B98CEEB23C0E6BA4A3DB0FCDC52
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt	ASCII text, with CRLF line terminators	47EC367B6164886513AF94C2923C1CA4	42B596229C920AB8B5B605157E3C9B45E0EAA844	320261B62881F29CA722F3E1969FF5908AEF7E6DCB5782A3B18E079F0ADDC3DA
C:\Users\user\AppData\Local\Temp\acrocef_low\1871b987-57d4-4bb9-b03c-a07335940192.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538	3A49135134665364308390AC398006F1	28EF4CE5690BF8A9E048AF7D30688120DAC6F126	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
C:\Users\user\AppData\Local\Temp\acrocef_low\2d4956ea-4709-4813-85ab-3176370fa2d3.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142	A8E5C37206C98D1B655FF994A420FFB6	827237782AB5971EC205C3BCECCC7950BE9F84C3	F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA
C:\Users\user\AppData\Local\Temp\acrocef_low\6fbd3c1e-fd65-43d4-a738-af3488a6fefb.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081	8B9FA2EC5118087D19CFDB20DA7C4C26	E32D6A1829B18717EF1455B73E88D36E0410EF93	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
C:\Users\user\AppData\Local\Temp\acrocef_low\736ae9d9-57ba-403d-8589-2dd5deebf712.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022	774036904FF86EB19FCE18B796528E1E	2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16	D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:31:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	DEDBA2B348FBEFF4613368A6FC698415	1F49254394BAE9565C7E73B8D07AFA13B0B67940	4989BC3FBA7D91258DD160CFEE2AFF22AE819BC0CA84A1E8B78CD95171A31F48
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:31:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4529F54165A4812318565A0D99FE90D2	96E35F96364915D217A0326CFFEB8C858D1CAEF8	3AC34A4E2D0476597CBEAC9C89E3AD3E7B4F6F5D97DCFACC8A21ED28CD64EB1C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	E19A7D9A79C4ED09056E3A49472F90CC	51D060CD200D79D5911218E8908C897250F39FA9	B7E3EDBBFEFB65EA607819A0F4B975AF7A3923164D6FEBDDD6C74484240BF9B9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:31:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B5E533C500517272F97F4E483D913395	069F4A8B85F7DEDD9A988A079E8992EAFFD1A53C	1EAA915FE1BF257A958772CC347FC5461ADE7E70845CFEFD9DA3373BF4FE7129
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:31:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	FA56B23882F664897B2F9AADE86CA94D	F2FDD27BD9021FB80F5137FF1C22F29975F6A712	0044D0A639DE1F4C9FC60794A425F4B7CCA2F5AA302673BC6F5BF306090BF7E2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:31:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	608DAA99AC47A3C4167837659DFF5A97	3C1D281B97B0F4DC91C09F8FA60C60E78B19D155	DC740164EEE82B7D295DA883C7FD8DA0F8CCDF92D302593369D82E3FE77D045C
Chrome Cache Entry: 241	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x100, components 3	007417D537E245BBD3EFA172BCF15B85	03CB8F1851D6B7F8B85329D3E5852151DBB1DFE9	DDCED704D187FB6B1BE89025C66AA2DD4918541F0CEF661E3E4BC2BC24CF49BC
Chrome Cache Entry: 242	ASCII text, with very long lines (631)	E2E79D6B927169D9E0E57E3BAECC0993	1299473950B2999BA0B7F39BD5E4A60EAFD1819D	231336ED913A5EBD4445B85486E053CAF2B81CAB91318241375F3F7A245B6C6B
Chrome Cache Entry: 243	gzip compressed data, max compression, truncated	D317C25EBCF619DCAD17963A91904BC1	749A0A568BEF62730A278854033B5D83AC81519C	F5AF56B41CA2466246D1648A3BE8FE236C4F123E3FA8589C10A72F1C68ABBE8F
Chrome Cache Entry: 244	ASCII text, with no line terminators	284B36421A1CF446F32CB8F7987B1091	EB14D6298C9DA3FB26D75B54C087EA2DF9F3F05F	94AB2BE973685680D0BE9C08D4E1A7465F3C09053CF631126BD33F49CC2F939B
Chrome Cache Entry: 245	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x100, components 3	1A0E7F8A939A4DDF321C1B1089CC2F5F	01AB7452DBF941F9B0683F6D3142CACB3C97230A	3C7F9C57B75BB5C19D3AC057E40967DD5161BFA7509E46F086EA5F8293E1A434
Chrome Cache Entry: 246	HTML document, Unicode text, UTF-8 text, with very long lines (42314)	1D7A139401417D3FFE8657CFD14E862F	88DB666FE16197DCBE21CF63C1223DAD87739E84	BF3A3B2844F9498430087BA1C309A8FCDCA7495DE589B6D8971D0089F032ED8A
Chrome Cache Entry: 247	Unicode text, UTF-8 text, with very long lines (64698)	4014D049851B4B6EC0BA7EED8872732D	96F2BA0212CCE0FD0A9ED9465B7BE7414FBC17A1	F885AA9C8EF261689AF96CB5F0896DB880EDB2F6657C390ADCBCFF2F4056BDB1
Chrome Cache Entry: 248	ASCII text, with very long lines (1268)	633F27908E5F3E8F98C2E752356EA004	22231B22D3A91A24E110527FCDAD820BCCC15583	BD1820203A45DC50C22447AE9BEFCE1CB0D5EA76DE9C648827950E538F1CB17D
Chrome Cache Entry: 249	ASCII text, with very long lines (763)	F91B33E16C4EB7BE9C28FD2F1340E925	D1BC28420BC0322EA1E3BA6C1C01FF5B8B48E896	6A7AA5F8617432435C2E44DC246E8DC4A008E1284CE0063C9D01B380F87A8D16
Chrome Cache Entry: 250	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x100, components 3	669B11F9DC009E344E8E4D6D3BC714F9	A57964136906A9C748FDF4BD706CC3A7F5CCAD45	DE0CF598146857C1A326CD5653765DE8CD6D41B1B795F091A935766DA5B5DF74
Chrome Cache Entry: 251	ASCII text, with very long lines (7999)	FA425C977E4205305851E8BC65D91E03	729668A64A81E425A1EA937188191248D13F13E0	80ADF121BDF3BAC174125C3C6A5E2607177354FBEE2B87D7E6EDA5F137E3DD5D
Chrome Cache Entry: 252	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	F3418A443E7D841097C714D69EC4BCB8	49263695F6B0CDD72F45CF1B775E660FDC36C606	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
Chrome Cache Entry: 253	ASCII text	624F7A7BF63374D3802A6B182EC81EC7	92FD83406DE87B97AE9013065A9B7A490C15CE5F	9D66F8927881004041A4465D24E96FFF33030C8ACD5B5BC663AF46BB656957C9
Chrome Cache Entry: 254	ASCII text, with very long lines (7287)	D7851547DA896316F246BCD98A09C4F0	1AA4A25E1FE15D4C20BF9EE0DB5E11C12511C253	B396675FA1606E1A74CFD6F1FDC05FE57BA49759059DC4572AC4041E4A9F3015
Chrome Cache Entry: 255	ASCII text	9D0FBF8388771A418264293BB9977075	96E3E6E3DCCCD46AC4079E93D93C5DADC047DA13	15BEAEE5DBF1612EE813F20881AB315C78EA21F5A775472672EDAA308B3D93A1
Chrome Cache Entry: 256	ASCII text, with very long lines (994)	BA9DE1EAB3676D6E2A87D518BB88BE28	C0CBD925610612D23EC644D8BEDAD34B8F8D2207	14E63910EBE6ACE22E91F345F24B81FFC39C05BF397C9C5C268CCCDEA0806DC2
Chrome Cache Entry: 257	ASCII text	9BD9843151E1E273B322C761C25D69F6	DE2B57A02C6C300111809BB7C0162F3FA1A1D6BD	8B7DED946011737A6AFD0EEFA83032C08B3F90B39DD702D1CED75764383CCC06
Chrome Cache Entry: 258	PNG image data, 184 x 60, 8-bit/color RGBA, non-interlaced	0877987D1BE23418318D595A3A297CE9	F69E2644E31165BD95311C2EF6D563CFEB1BCC13	FD4D9D732E7A4AF52746EBABE6BB16941EE71AE3E919131AF700CF4E1228A16A
Chrome Cache Entry: 259	Web Open Font Format (Version 2), TrueType, length 15436, version 1.0	037D830416495DEF72B7881024C14B7B	619389190B3CAFAFB5DB94113990350ACC8A0278	1D5B7C64458F4AF91DCFEE0354BE47ADDE1F739B5ADED03A7AB6068A1BB6CA97
Chrome Cache Entry: 260	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	07BF314AAB04047B9E9A959EE6F63DA3	17BEF6602672E2FD9956381E01356245144003E5	55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
Chrome Cache Entry: 261	ASCII text, with very long lines (12727), with no line terminators	65656D15E9F9AB0E9A0F9D8F4C004235	54E6C4AF5ADBAA2BF19F77102D31C924E2DFD354	D5351DFB35DB1DC99FC1109D536EEFA95478D5B48BE55B90A2CD6526397954B8
Chrome Cache Entry: 262	ASCII text, with very long lines (1063)	860F7F5856575849B0E45BFFF091427E	6715A240F38E0005692CB73B849F7D77875EDD52	7175D22CA6DCBBE3706D8E3C1BCA70D48F83ADA8C4DD53294991C37E15C7A079
Chrome Cache Entry: 263	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3	9EB5BD79275E4EB831E83342215085D0	26FD6925A2114A3BF5F4E92326AE151CEDDFB502	08E6B96F7F9B4C230A2F28376F6C0C28BFDA971BE639D99C045DA273BC7682D1
Chrome Cache Entry: 264	ASCII text, with very long lines (1222), with no line terminators	463D838587C8B5873CB6E4E942B770C9	E69DCF383A6F3F51F123CA2D86F19FC4BE09E612	1448EC1B3F30A554233BD280AA99A7EAF690D1098647E7DDDEA286C757884F9C
Chrome Cache Entry: 265	ASCII text, with very long lines (2069)	489BD806D144C421D8EA3D543327BCBD	F8CFF22B43B1814207F409FCC9C8CD598FC7B396	705935B885591D8CDE854221E0E8FDE9EF1B58CF24CE659E20F544AE27AA80F1
Chrome Cache Entry: 266	ASCII text, with very long lines (578)	52D84C13CEC0D379677CB96C66F9E3F5	EC8492DC201F68236A2CF09F3F0227F8312F5AA0	55E53CC330472E6142B1D0BDAD5356F2DCD8B2C932E28501AB2688C834811958
Chrome Cache Entry: 267	JSON data	80FF50A38BC500802B1ABB2FFF818B8A	32DF2387EF3BA4C63FFCE7AD913591DC8D5688FC	E3ADF4598D23486CA8181C950C4141648ECE4C14B42DF32C009200051528A371
Chrome Cache Entry: 268	Web Open Font Format (Version 2), TrueType, length 24652, version 1.0	87C2B09A983584B04A63F3FF44064D64	8796D5EF1AD1196309EF582CECEF3AB95DB27043	D4A4A801C412A8324A19F21511A7880815B373628E66016BC1785A5A85E0AFB0
Chrome Cache Entry: 269	ASCII text	E286A9C382E0F41312B7868547C392CA	0A4E3F7229AF129ED63F473C0CA9569452B9269C	BC74D26A0E1FAAC7C6468B23F370CCEA26993D6BCAE113C665886725E4ADFCC0
Chrome Cache Entry: 270	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 271	ASCII text, with very long lines (3409), with no line terminators	379E3CF909A1554EF7E25B25FEDCD916	50B9E7133DA16011DD0D43AB708DB2B59AAEA63E	417F46B72DF2C7385E433551DF535B9AA81A5DF0A146F06E5D18F37E349E7364
Chrome Cache Entry: 272	ASCII text	CE55855A2F26FB487396CE846D795121	066AFDF4055274E1CDA76BF6653483D4BFBE9AB8	D9A8EDD82E4F69227DE94A14583CB5CD20B0EBE18F7B31B9531E2A803F01DC49
Chrome Cache Entry: 273	ASCII text, with very long lines (595)	77532C616FDAC7BA9FB5D11FD4CF3FE4	CD9BE618CD7BFADB73E49E75B8FCDCF6F48E2A2B	52854BF21A3D86120D39D3BFC1BCAB92F82D22A1679698CB2C0BE8A3A44579B6
Chrome Cache Entry: 274	ASCII text, with very long lines (547)	171D89CCAC17BCE135E75387FBBB8149	B3A45FD978CBD6CF4C6F2AD862A907155D665247	664882A000AD5312D15A5EFCA09DADB42E745D81EBEC908CE7639673D796E12A
Chrome Cache Entry: 275	ASCII text, with very long lines (65536), with no line terminators	780172CB0BB1C779E30A978430FDA0D5	02059B9F5C19A0E5565E72E5FE1AB6089FBB8FA7	6E363BA646E3AEA5D8F3F2FE469A4FA15A85C71A7320DBA71B5E738718CB01DA
Chrome Cache Entry: 276	SVG Scalable Vector Graphics image	EDD0E34F60D7CA4A2F4ECE79CFF21AE3	2CC789A02534557380D92124E2F8B9483D198FB3	ED9087D76CDC6D1C53698F6068F79872E77E87C8D012C0CFDAD13B05B6CCB37C
Chrome Cache Entry: 277	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	0F2A4639B8A4CB30C76E8333C00D30A6	57E273A270BB864970D747C74B3F0A7C8E515B13	44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
Chrome Cache Entry: 278	ASCII text, with very long lines (56412), with no line terminators	2C00B9F417B688224937053CD0C284A5	17B4C18EBC129055DD25F214C3F11E03E9DF2D82	1E754B107428162C65A26D399B66DB3DAAEA09616BF8620D9DE4BC689CE48EED
Chrome Cache Entry: 279	ASCII text	9BD9843151E1E273B322C761C25D69F6	DE2B57A02C6C300111809BB7C0162F3FA1A1D6BD	8B7DED946011737A6AFD0EEFA83032C08B3F90B39DD702D1CED75764383CCC06
Chrome Cache Entry: 280	RIFF (little-endian) data, Web/P image	C3DFF0D9F30EC0BCF4DEC9524505916B	4B378403ACBEBC3747E08C69B5FD7770A850C9EB	73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3
Chrome Cache Entry: 281	ASCII text, with very long lines (17673)	9FBB8606566EBF96C502666BFFFD254A	FEB80CB296B30432EC659D7EEDFE3C6022A450E2	9644D7AB8F581B9FDE8F5C3B9B84FD370FF52F1D4E71DD60B5E590A6C7D5FD39
Chrome Cache Entry: 282	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x100, components 3	12F5E274D0B544AEC9DEAA1FA14EFB37	ABACB1DB9A1DD43F2C03C3CF1DFA7D5ED34E7C9C	C4CBF0B78211FE7634404C08DB2E02EDFAC99DE9F3AF65F590620DFE5B142555
Chrome Cache Entry: 283	ASCII text, with very long lines (648)	D84312C9C30A6D819F2223401CD34BF4	4DE7FB24F375E03B07A2BD7E755F82E49A98942A	FC161F4113435219FCF5CD20D6D8872AA9C39C42EA0D13E8FDEF8EA7EE263AB2
Chrome Cache Entry: 284	Web Open Font Format (Version 2), TrueType, length 15340, version 1.0	19B7A0ADFDD4F808B53AF7E2CE2AD4E5	81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA	C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
Chrome Cache Entry: 285	ASCII text, with very long lines (3358)	878A30ED051ECFF9E54FA507C857AFF3	48B15B7D623B4B1C533F2C07042CA0FB954C0B22	FCBA42D51AB544FF9EA5F0B41EFE9B7A7F8B3C15168A0617E98E93FF4A614DA0
Chrome Cache Entry: 286	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0	285467176F7FE6BB6A9C6873B3DAD2CC	EA04E4FF5142DDD69307C183DEF721A160E0A64E	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
Chrome Cache Entry: 287	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
Chrome Cache Entry: 288	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	88E0F42C9FA4F94AA8BCD54D1685C180	5AD9D47A49B82718BAA3BE88550A0B3350270C42	89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
Chrome Cache Entry: 289	ASCII text, with very long lines (567)	41E0A4E454A4C03BA8AA97F79719F356	61D31E5012198A8CEFF476258F7A040E8DD31C90	9C3245767580983E6414B0E75BB6DD72FBCB397EBE6A251E18DDDF9D57718F44
Chrome Cache Entry: 290	ASCII text, with very long lines (880)	2A2643C7961450362B92BCAA8550558A	43BC5FFA20585AAED903B96D6555B0B8C665A4C9	4A0FFC41E07AA652945C148D1FB565452F820E81EE2FF7CDE199E48EC591FD49
Chrome Cache Entry: 291	ASCII text, with very long lines (537)	4C21B4FC61FE49F8D896745F3F47C0D9	A0B65812ED9F594784C55F4295462CAE9AD9C10C	5A2790ED6130F5FC1A4DD1FDA856894F60825F4AE1F50B3A4C28ADF55056E1A8
Chrome Cache Entry: 292	ASCII text, with very long lines (1149)	0EE55DC039286D3584FEC35812FD5857	D2354A12AFD87C225279CC144BA68ED30D5E7782	EEF07892FFE8E291AE16F8B2BBEB304CA202D763C0777D867BB7C96434B94D04
Chrome Cache Entry: 293	ASCII text, with no line terminators	AFB69DF47958EB78B4E941270772BD6A	D9FE9A625E906FF25C1F165E7872B1D9C731E78E	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
Chrome Cache Entry: 294	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3	0D4BC88A69EB1A40B15490C97C9F375F	8179AE37EB83A3530C23FCA24D3D8B53ACA7FA5C	9CE7960CD9065761E9529861AA8E334D50F69A694FA9D57EF16390E9DB5869C5
Chrome Cache Entry: 295	ASCII text, with very long lines (8478), with no line terminators	2B6E494F00DE071FFA385E06CB6B171C	0E98C9D3A6B23673E867140D690A54CBD2CB134F	67E576D9CE560B0FFBECDEA9C99161A00D593ECDDB6A959CB77A2E8A9A038C29
Chrome Cache Entry: 296	ASCII text	42278BB63E6BDB4846017CA670364A07	20F7FB92CD2CA4E9C8DAB98BFE01CF2CE0ABC0B7	1B67091C31EE65E2B82CA0C6787715B30E5422EB720C2E29F11F8A483E88AE85

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49706 version: TLS 1.2

Source:	Binary string: _.Vdb=_.C("EEDORb",[_.Gdb,_.Mdb,_.Pdb]); source: chromecache_265.16.dr
Source:	Binary string: _.ku=function(a,b,c,d){var e=void 0===d?{}:d;d=void 0===e.Es?!0:e.Es;e=void 0===e.preventScroll?!1:e.preventScroll;_.PDb(a,b,{Es:d,preventScroll:e});c?_.QDb(a,b,c,{Es:d,preventScroll:e}):b.el().contains(_.Ol(a.oa.Ih()))\|\|RDb(a,b,{Es:d,preventScroll:e})}; source: chromecache_248.16.dr
Source:	Binary string: a.service.yj;this.PDb=a.Kd.PDb};_.G(Wtk,_.F);Wtk.Ga=function(){return{service:{j4b:_.Rtk,yj:_.KE},Kd:{PDb:"Fd92vb"}}}; source: chromecache_256.16.dr
Source:	Binary string: _.Qdb=function(a){_.xn.call(this,a.Ka)};_.G(_.Qdb,_.xn);_.Qdb.nb=_.xn.nb;_.Qdb.Ga=function(){return{}};_.Qdb.prototype.oa=function(a){return _.Xbb(a)};_.zn(_.Pdb,_.Qdb); source: chromecache_265.16.dr
Source:	Binary string: _.PDb=function(a,b,c){c=void 0===c?{}:c;var d=void 0===c.Es?!0:c.Es,e=void 0===c.preventScroll?!1:c.preventScroll;c=SDb(a);var f=SDb(a);_.oe(c.el(),"focus",function(){this.gzb(b,{Es:d,preventScroll:e})},a);_.oe(f.el(),"focus",function(){_.TDb(this,b,{Es:d,preventScroll:e})},a);b.children().first().before(c);b.append(f)}; source: chromecache_248.16.dr
Source:	Binary string: Wtk.prototype.wa=function(){var a=this;this.ka\|\|(this.ka=!0,this.j4b.ABa().then(function(){a.ka=!1;a.yj.reload()},function(){Xtk(a)}))};Wtk.prototype.oa=function(){var a=this;this.ka\|\|(this.ka=!0,Vtk(this.j4b).then(function(){a.ka=!1;a.yj.reload()},function(){Xtk(a)}))};var Xtk=function(a){a.PDb&&(a.PDb.setTimeout(3E4),a.PDb.show());a.ka=!1};_.J(Wtk.prototype,"XZ94se",function(){return this.oa});_.J(Wtk.prototype,"xoizsc",function(){return this.wa});_.J(Wtk.prototype,"i3viod",function(){return this.Aa}); source: chromecache_256.16.dr
Source:	Binary string: _.Pdb=_.C("aurFic"); source: chromecache_265.16.dr
Source:	Binary string: _.fcf=function(a){_.iu.call(this,a.Ka);this.ka=!1;this.container=new _.Vf([]);this.Ba=!1;this.Aa=[];this.wa=[];this.Ha=new _.ODb(null)};_.G(_.fcf,_.iu);_.fcf.nb=_.iu.nb;_.fcf.Ga=_.iu.Ga;_.fcf.prototype.isOpen=function(){return this.ka};_.fcf.prototype.open=function(a,b,c){c=void 0===c?!1:c;this.ka\|\|(this.Ha=new _.ODb(document.activeElement),this.Ja=_.oe(a.el(),_.QCb,this.Qa,this),this.container=a,gcf(this,a),c?_.PDb(this,a):_.ku(this,a,b),this.ka=this.Ba=!0)}; source: chromecache_248.16.dr

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.94.108.142 104.94.108.142
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.50.112.54
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DWP23o5EnE1h4Lz&MD=RHUsShKZ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DWP23o5EnE1h4Lz&MD=RHUsShKZ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGOWRr7EGIjBl3Z8mdV7iuQlXx3vrRkL4AVRIBUGOwGPzUYmxiw-erxFt5zhM4ErcjFfPkRW3OPQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=aAgFRJ-84LrbS9myeZFj7--hl8Dl4FLDUfiX76lTQbi2Vo5UrN8T2kyvmso5OxT9Qmo7_JvmFUzyGh_QG94RwcSkdq4r-AqUEAYA_OpqVQNBnMyLpAmzfueFr-LWRkcvSxq62OizXI3GcnHQUmK96YelFaRGPMZALMKDlzywC7E
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGOWRr7EGIjAHwueNDSQI-WXeAdig1ilxcW5kJRzd2zjnuDDx24OkMugOmCswnljnlrWZEzXJrwEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=1&oit=4&cp=1&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=10&oit=4&cp=2&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104&oit=4&cp=3&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.&oit=4&cp=4&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94&oit=4&cp=6&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.&oit=4&cp=7&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.1&oit=4&cp=8&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109&oit=4&cp=10&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.&oit=4&cp=11&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.1&oit=3&cp=12&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142&oit=3&cp=14&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142%3A&oit=3&cp=15&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142&oit=3&cp=14&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142443&oit=4&cp=17&pgcl=7&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /search?q=104.94.109.142443&oq=104.94.109.142443&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA&sourceid=chrome&ie=UTF-8 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=KAN_iKlHLO8R0NKiNKk0WWR6Z4gU4gG-TPOCOwjgtQNuPSfT4mukUg8B3rgwcZpUeZThhdud0p8kEuaohNHeLAcLw0ux1hPsgJBn1gjdnNI3jWHwexkcVfz0HXBxWL9dURbBXp0dPLOVXmf9O3riZSDttRSH47QuZk9GsRQYh5pRA1fVKpGZKKvfHwMuWe6uuVUYxRa19V86h5I4JU8bMZfoqXUPctpZ7ib1akxUq5T0kaC4wuEFOI8V6PwRbaxi1ink_9AZRHy9f4zmxv7kclRLhUX4SKM&cb=7zgrwx65alt9 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=KAN_iKlHLO8R0NKiNKk0WWR6Z4gU4gG-TPOCOwjgtQNuPSfT4mukUg8B3rgwcZpUeZThhdud0p8kEuaohNHeLAcLw0ux1hPsgJBn1gjdnNI3jWHwexkcVfz0HXBxWL9dURbBXp0dPLOVXmf9O3riZSDttRSH47QuZk9GsRQYh5pRA1fVKpGZKKvfHwMuWe6uuVUYxRa19V86h5I4JU8bMZfoqXUPctpZ7ib1akxUq5T0kaC4wuEFOI8V6PwRbaxi1ink_9AZRHy9f4zmxv7kclRLhUX4SKM&cb=7zgrwx65alt9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=KAN_iKlHLO8R0NKiNKk0WWR6Z4gU4gG-TPOCOwjgtQNuPSfT4mukUg8B3rgwcZpUeZThhdud0p8kEuaohNHeLAcLw0ux1hPsgJBn1gjdnNI3jWHwexkcVfz0HXBxWL9dURbBXp0dPLOVXmf9O3riZSDttRSH47QuZk9GsRQYh5pRA1fVKpGZKKvfHwMuWe6uuVUYxRa19V86h5I4JU8bMZfoqXUPctpZ7ib1akxUq5T0kaC4wuEFOI8V6PwRbaxi1ink_9AZRHy9f4zmxv7kclRLhUX4SKM&cb=7zgrwx65alt9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4usRjYkJfr9srSp2HD4-ZZAVZywMgBTv-cvcNDNMdzhtedLDEkllNnkQiQBbtl3h4As3V2Iew446Zxj5dcFMe0MMOrTyv4ts3-hjod8380h_vsvEgOVv7dHXvzSlPNaf0Z9uZQr8h58zsC5_C-Yi198SrWQsa7MZ5u3dpR8HcvIT4q5vas_t9yZ6LuKTyDOaezHVWLaYozqtkSHXw9w1wzsX9jSQ&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA6u0-JMSOaecoCXHzdsX-xxrcVrgCsTYc59nt6KMq8BRd5Ex-67_RPGwRPMTEZi8lNpFhlcgy5Y7-wQWe2KnHVK5ZfToZL-Vmn0Gttkh5Yl8o5rao17hCvwzK1zjndSb_zIf76VRoc2NtYot5-zOEOdfcEXA6g2mN7FHkMnr0u6AnUZuYajaPHwihB0Zx4V6YIUYxUYXrwQdWApHkKoki170EAOfQ&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=ced8fd5d7352b74 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4qo7BvEsw6c5x7L0zWkwDxk41s4QXBFq-UTbLoYi4mYg5pWAHsT9vh8DMhbPPHIyjECIZ4cYU41ywyA8hdRigYZQJnKI4_I3uv32GImq_xmDdqm2nF9i9bAfGu7AlTCwBDt7YWEwIJ3RtEJzTJZfrDDqE8Eyg8H6v_CVaI8sLZw3REAQxg9HgOdQ_aRKGSEE8JfJrWqTp2iL71Gqv5cBxUH_2LMA&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=d14cdf2cf524340b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4qo7BvEsw6c5x7L0zWkwDxk41s4QXBFq-UTbLoYi4mYg5pWAHsT9vh8DMhbPPHIyjECIZ4cYU41ywyA8hdRigYZQJnKI4_I3uv32GImq_xmDdqm2nF9i9bAfGu7AlTCwBDt7YWEwIJ3RtEJzTJZfrDDqE8Eyg8H6v_CVaI8sLZw3REAQxg9HgOdQ_aRKGSEE8JfJrWqTp2iL71Gqv5cBxUH_2LMA&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=abd561db531187e4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA5n2WF8wv-ME7L61a1BMVDol7SKjmXRzD04LO-5qnc5Yo-7Uv3YESGK03INgkSkcBpqFw2IVRslTj_HEYCSE0bVNqb0YyT3pUC2Pe29yUaioY0zttD_Tipl2_G5Tpu8XD-YvFrTqIJ61dTX4sv2npmlKj-lwoCG7y0yslq1m5awBb8XY2F4ks8gOphnefktV5tmjcSue1lYveyn69HCB7uZNEAi1g&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&id=1868db878e889a63 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PDFaukKvlTlHSflSkwqygHONJPfvWK7qQ1uvIFU_r50US66f4O1u9-2AWCLMB8FOo6Nmt9GdiEovjwKxM; 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /search?q=104.94.109.142443&oq=104.94.109.142443&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA&sourceid=chrome&ie=UTF-8&google_abuse=GOOGLE_ABUSE_EXEMPTION%3DID%3D211ac792a2de2ae0:TM%3D1714145544:C%3Dr:IP%3D102.129.152.220-:S%3DbW_BRuXgiNkknohxpUtoqJ0%3B+path%3D/%3B+domain%3Dgoogle.com%3B+expires%3DFri,+26-Apr-2024+18:32:24+GMT HTTP/1.1Host: www.google.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g
Source: global traffic	HTTP traffic detected: GET /search?q=104.94.109.142443&oq=104.94.109.142443&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA&sourceid=chrome&ie=UTF-8 HTTP/1.1Host: www.google.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGPORr7EGIjAjT-is8k6Uwm1EagwkXv7b_3Y6lH1AXZSE6X-OCgzMA9YBQPBGvSt1H2oAX7BK9VoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=LPej6OG04Rcb0snzaZn34zvI2TmLcb0-3wnUowazmjg8G_aJBjV6MhRt2BlxOd6XXATZmJ0X8ektW44hgT3OlRfg_YNmffH8wClnoyJ6PVyOp4ICMyoALmDKGdmyOXU6h73Zp0q28wjUQsq0qhtbYviAAEV0hSIHDLW1F4brOfE; AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.s.GGin1mxRzvU.L.W.O/am=gB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ/d=1/ed=1/br=1/rs=ACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=b51YpLo4VR1MIeifPjI6wC1AZiY3GgI94kQnKHVX8ICBbDBgB6C1XG4hPNwsOPh0zeb4QtsPOdjysJlWqeTZk0yQDpcqoBuOXBu5GHyB2hq29z3ahDw9JiGpGyYTB1lqXMlrGtwa4kVVcxFGFVSG8PXDFAkU-VSj6gACLVMtelxQalQ9CTU
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/2x/googlelogo_color_92x30dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=b51YpLo4VR1MIeifPjI6wC1AZiY3GgI94kQnKHVX8ICBbDBgB6C1XG4hPNwsOPh0zeb4QtsPOdjysJlWqeTZk0yQDpcqoBuOXBu5GHyB2hq29z3ahDw9JiGpGyYTB1lqXMlrGtwa4kVVcxFGFVSG8PXDFAkU-VSj6gACLVMtelxQalQ9CTU
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/search?q=104.94.109.142443&oq=104.94.109.142443&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA&sourceid=chrome&ie=UTF-8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=b51YpLo4VR1MIeifPjI6wC1AZiY3GgI94kQnKHVX8ICBbDBgB6C1XG4hPNwsOPh0zeb4QtsPOdjysJlWqeTZk0yQDpcqoBuOXBu5GHyB2hq29z3ahDw9JiGpGyYTB1lqXMlrGtwa4kVVcxFGFVSG8PXDFAkU-VSj6gACLVMtelxQalQ9CTU
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=1/ed=1/dg=2/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bDXwRe:UsyOtc;bFZ6gf:gU6kfd;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;p2tIDb:tp1Cx;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google
Source: global traffic	HTTP traffic detected: GET /verify/AAtmn1bTSyw2hAKlZ3LnbiQ1Wqu5634m12FM1sn670oINgsM5w6AM4xkxQt_rNluBR52tCI5NrrO_xyQcOfIPkLWLk9JFqI6z1l0UNJetPNOAxmS HTTP/1.1Host: id.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=b51YpLo4VR1MIeifPjI6wC1AZiY3GgI94kQnKHVX8ICBbDBgB6C1XG4hPNwsOPh0zeb4QtsPOdjysJlWqeTZk0yQDpcqoBuOXBu5GHyB2hq29z3ahDw9JiGpGyYTB1lqXMlrGtwa4kVVcxFGFVSG8PXDFAkU-VSj6gACLVMtelxQalQ9CTU
Source: global traffic	HTTP traffic detected: GET /compressiontest/gzip.html HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=2&hl=en&authuser=0&pq=104.94.109.142443&psi=C8krZr7QHOyTwbkPuNyGwAw.1714145550203&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV
Source: global traffic	HTTP traffic detected: GET /complete/search?q=104.94.109.142443&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=3&hl=en&authuser=0&pq=104.94.109.142443&psi=C8krZr7QHOyTwbkPuNyGwAw.1714145550203&dpr=1&ofp=EAE HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV
Source: global traffic	HTTP traffic detected: GET /complete/search?q=104.94.109.142443&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=undefined&hl=en&authuser=0&pq=104.94.109.142443&psi=C8krZr7QHOyTwbkPuNyGwAw.1714145550203&dpr=1&ofp=EAE HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=3/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/ck=xjs.s.GGin1mxRzvU.L.W.O/am=gB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKYGgmXAACsCGIADgg0MAAMAQAABCAAjA5oEKARQhIABgAIAggZ__BAAAHACBAQAgZAICBEC4AJIQkIMAAEQwwQCkAgDDjwAAIIAEAAAcoMB-AAEDESA8hAABgACYYPwDoIIAICQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=1/exm=SNUn3,attn,cEt90b,cdos,csi,d,dtl0hd,eHDfl,gwc,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/excm=ABxRVc,AD6AIb,AOTkuc,CVVp5c,FmnE6b,KYXthe,KiXlnd,NsEUGe,Ok4XMd,Ollhtb,PlCTlc,RP6nyf,SpjoE,Ut0TMc,VL58m,WFRJOb,WuIPnb,ZGLUZ,ZrXR8b,bXyZdf,fNMhz,gKO30e,hU1IHe,hWJjIf,rL2AR,xB2dQd,y25qZb,yChgtb/ed=1/dg=0/br=1/ujg=1/rs=ACT90oFHhWzRDSD7HZXJ5E0CbPv4n89phQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bDXwRe:UsyOtc;bFZ6gf:gU6kfd;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;p2tIDb:tp1Cx;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=Eox39d,GElbSc,HYSCof,KHourd,ajbYod,pHXghd,tIj4fb,vrkJ0e,xdV1C?xjs=s1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-m
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1034&bih=870&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=rcm&cad=&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&jsname=gLFyf&zx=1714145552364&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=rcm&cad=&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&jsname=gLFyf&zx=1714145552380&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=rcm&cad=&ei=C8krZr7QHOyTwbkPuNyGwAw&ved=0ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ39UDCAw&jsname=gLFyf&zx=1714145552500&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.s.GGin1mxRzvU.L.W.O/am=gB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ/d=0/br=1/rs=ACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ/m=y05UD,sy13c,sy1k1,sy1qj,sy1pf,sy1qq,sy2fh,sy13j,sy1pb,sy1pc,sy1pd,sy1qy,sy16x,sy3hx,sy6z8,epYOx,L1AAkb?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=sb_wiz,aa,abd,sy1ee,sy1ek,sy1el,sy1ej,sy1em,sy1yg,async,bgd,sy3z4,sy3z5,foot,sy2jo,sy6iz,kyn,sy1k9,lli,sf,sy1e8,sy1e9,sy3fx,sonic,TxCJfd,sy6y9,sy6ya,qzxzOb,IsdWVc,sy15m,sy170,sy173,sy316,sy6y8,syeq,sy155,sy6yc,spch,tl,MpJwZc,UUJqVe,sy7m,sOXFj,sy7l,s39S4,NTMZac,nAFL3,oGtAuc,sy8f,sy8g,q0xTif,y05UD,sy12g,sy13c,sy13a,sy13b,sy13e,sy13g,sy13h,sy13d,sy13i,sy1k1,sy1k2,sy1ph,sy1pi,sy1qf,sy1qj,sy1p9,sy1qn,sy1pr,sy1pf,sy1po,sy1pp,sy1qq,sy1qr,sy2ge,sy2gf,sy2fh,sy2lf,sy13j,sy13k,sy1pb,sy1pc,sy1pd,sy13x,sy1pg,sy175,sy1pj,syf2,sy142,sy1pk,sy1pl,sy1pm,sy1qy,sy1r0,sy16x,sy3hx,sy3hy,sy6z8,epYOx,synw,synv,rtH1bd,syo2,syxb,syxr,syo0,sy1ef,sy1eg,sy1eh,sy2ot,sy2ou,sy2ov,EkevXb,syzp,syzq,syzr,syzo,syzs,syzn,sy1cd,SMquOb,syzy,sy1ce,sy1cf,sy1cg,sy1ch,sy1ci,d5EhJe,sy1cj,sy1ck,sy1cl,syzt,syzu,sy1au,sy1cn,sy1co,zx30Y,syyf,sy1d9,sy1da,sy1db,sy1dc,sy1dd,sy1df,sy1de,T1HOxc,sy1dh,sy1di,DQfvme,syzl,sy1dj,Wo3n8,synz,L1AAkb,sy1f2,SZXsif,sy1zj,fiAufb,syn5,syos,syor,sy2xd,sy3yf,sy40p,sy40q,sy40o,sy4e7,sYEX8b,sy4u7,GU4Gab,sy3a5,T5VV,sy1zu,aDVF7,sy4u9,rhYw1b,E9M6Uc,Zilivc,syzw,sy11c,sy1cp,sy10i,sy10j,sy10e,sy10f,sy10g,sy10h,sy10d,sy10l,sy10m,sy10k,sy10n,sy10o,sy113,sy114,sy10u,sy10y,sy10z,sy110,sy111,sy10v,sy115,sy112,sy10s,sy10t,sy10r,sy10q,sy12p,sy1ii,sy1ik,sy1ij,sy1im,sy1il,sy1ip,sy1io,sy2mu,sy2mx,sy2n5,sy2n2,sy2n6,sy116,sy118,sy119,sy2mv,sy2n7,sy2n9,Hlw0zd,M6QgBb,sy2ni,sy2nj,EO13pd,RagDlc?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySw
Source: global traffic	HTTP traffic detected: GET /logos/fnbx/zrp/full_yeti.json HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQIBRAA..i&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cid=10943804590251964565&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-DoS-Behavior: Embedsec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQICBAA..i&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cid=10194214981100978668&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-DoS-Behavior: Embedsec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /async/asyncContextualTask?vet=12ahUKEwj-gc3jmeCFAxXsSTABHTiuAcgQ4dMLegQIBhAA..i&ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cid=4586455008918215834&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAIIAEAAAAoEAAAAEDESA8hAABgACQQAQCIIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oGSC2kJ5MOZFnDJZQWz14iwbMFYQQ,_fmt:prog,_id:rNi7Zc HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-DoS-Behavior: Embedsec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=uKlGbf,syyj,sy3ze,DpX64d,sy3zf,EufiNb,sy1fp,P10Owf,syy4,syzv,gSZvdb,sy5ul,vTw9Fc,sym1,syoh,syoi,syoj,syok,syol,DPreE,sy2tx,qcH9Lc,sy3l6,ROaKxe,sy3l8,sy3l9,pj8IAe,sy15a,sy37l,sy3lf,sy3zm,YFicMc?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /async/bgasy?ei=C8krZr7QHOyTwbkPuNyGwAw&opi=89978449&yv=3&cs=0&async=_fmt:jspb HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-DoS-Behavior: Embedsec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=sy3zk,sy4e6,w4UyN,sywu,sywv,EbPKJf,sy4tu,sy72c,J9Q59e,sy4tv,a6Sgfb,Tia57b,KpRAue,sy1kd,NyeqM,sy2t9,sy2ta,O9SqHb?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; NID=513=SZLmA6UiSOao1YpPP2tVXymAzYEbZ6smyjQpEYDk1eZIGsp5OZNCNXL588Uy_wjc1Pd2xI5pjxeYqMIcrovJHuAncov0VoH6aXM9qhxCZILkZNzdgRTrw4wAySwas05dEH1WE4m0PI4EMlVxDgPjxG_Ubws2DbVDL3NQAsMmbRUPYAG47l9z3wrSwwyFt9dV; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=sywy,syx0,syx1,WlNQGd,sy2mm,sy2mn,nabPbb,syww,sywx,sywz,CnSW2d,sy1f9,sy1fa,sy1fb,sy1fc,sy1fd,sy1fe,sy4dj,sy6y6,VD4Qme,syf9,BYwJlf,syns,syo1,syo6,VEbNoe,symg,sy2ob,sy2oc,sy5a0,ND0kmf,pjDTFb,sy1wv,sy2t7,sy2tg,sy2th,KgxeNb,sy2tc,khkNpe?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg; NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=syfc,syfd,aLUfP?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg; NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIAggZ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAACYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=0/dg=0/br=1/rs=ACT90oEbqmiJA6IEvz6PO2Lr2vCdQ-a7SA/m=kMFpHd,sy8s,bm51tf?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg; NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=C8krZr7QHOyTwbkPuNyGwAw&zx=1714145560773&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HzDn9iV-4n2o3fyy-Ev4pwJoOU3BWCRkK9WKefp5aa1ICREHvHs_g; GOOGLE_ABUSE_EXEMPTION=ID=211ac792a2de2ae0:TM=1714145544:C=r:IP=102.129.152.220-:S=bW_BRuXgiNkknohxpUtoqJ0; GZ=Z=0; DV=MwsGE8W4wMoVcJwiBMaOV26pWpWw8Rg; NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=104.94.109.142443&oit=4&cp=15&url=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3D104.94.109.142443%26oq%3D104.94.109.142443%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTExNDQxajBqN6gCALACAA%26sourceid%3Dchrome%26ie%3DUTF-8&pgcl=9&gs_rn=42&psi=uP-5m4QVderHBMsc&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=MuwO3d2tTlKeMpaSa7jTo2Iys3rkReoLhogoQ0C0QWN2FqxDlYXtN2kNAixJJIOW-CNkY4hm10Uqe38yARSdO7Gxo7dvtK_M8o9JWcmjjFkAANNjgSi8804FyZUctEVzDKzjCdjGBPBAgoXMLOuzHzhXZWZ3ANyUm77nTHR-0LL8wiRV3_2mU9X8E4_mOabgCfm-2gREqcE; 1P_JAR=2024-04-26-15
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.94.109.142:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: id.google.com

Source: unknown

Source: chromecache_246.16.dr	String found in binary or memory: http://schema.org/SearchResultsPage
Source: Invoice INV-0003.pdf	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: Invoice INV-0003.pdf	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: Invoice INV-0003.pdf	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: chromecache_285.16.dr	String found in binary or memory: http://www.broofa.com
Source: 57976eb8-e795-42a2-ae2a-36f82186c22f.tmp.3.dr, e1a9dfbb-a1c2-45d1-94ed-f4999b77d8cf.tmp.3.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: chromecache_242.16.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_242.16.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_248.16.dr	String found in binary or memory: https://content-push.googleapis.com/upload/
Source: chromecache_242.16.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_242.16.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_242.16.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_248.16.dr	String found in binary or memory: https://embeddedassistant-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAssistant/A
Source: chromecache_285.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_285.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_285.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_285.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_274.16.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_248.16.dr	String found in binary or memory: https://lens.google.com/gen204
Source: chromecache_242.16.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_248.16.dr	String found in binary or memory: https://push.clients6.google.com/upload/
Source: chromecache_242.16.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_248.16.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_242.16.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_242.16.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_242.16.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_242.16.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_274.16.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: chromecache_274.16.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_242.16.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_265.16.dr	String found in binary or memory: https://www.google.
Source: chromecache_285.16.dr	String found in binary or memory: https://www.google.com
Source: chromecache_274.16.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_265.16.dr	String found in binary or memory: https://www.google.com/logos/fnbx/zrp/full_yeti.json
Source: chromecache_265.16.dr	String found in binary or memory: https://www.google.com/logos/fnbx/zrp/full_yeti_dm.json
Source: chromecache_264.16.dr, chromecache_242.16.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_248.16.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_248.16.dr	String found in binary or memory: https://www.googleapis.com/language/translate/v2
Source: chromecache_242.16.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
Source: chromecache_265.16.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/lottie/lottie_light.js
Source: chromecache_285.16.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_285.16.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_285.16.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_264.16.dr, chromecache_244.16.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
Source: chromecache_248.16.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49706 version: TLS 1.2

Source: classification engine

Classification label: clean1.winPDF@47/160@4/6

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 17-30-52-579.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice INV-0003.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1568,i,12462945902927182256,8710539947262449294,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1924,i,1629623515606547392,5655261091976178097,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1568,i,12462945902927182256,8710539947262449294,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1924,i,1629623515606547392,5655261091976178097,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: _.Vdb=_.C("EEDORb",[_.Gdb,_.Mdb,_.Pdb]); source: chromecache_265.16.dr
Source:	Binary string: _.ku=function(a,b,c,d){var e=void 0===d?{}:d;d=void 0===e.Es?!0:e.Es;e=void 0===e.preventScroll?!1:e.preventScroll;_.PDb(a,b,{Es:d,preventScroll:e});c?_.QDb(a,b,c,{Es:d,preventScroll:e}):b.el().contains(_.Ol(a.oa.Ih()))\|\|RDb(a,b,{Es:d,preventScroll:e})}; source: chromecache_248.16.dr
Source:	Binary string: a.service.yj;this.PDb=a.Kd.PDb};_.G(Wtk,_.F);Wtk.Ga=function(){return{service:{j4b:_.Rtk,yj:_.KE},Kd:{PDb:"Fd92vb"}}}; source: chromecache_256.16.dr
Source:	Binary string: _.Qdb=function(a){_.xn.call(this,a.Ka)};_.G(_.Qdb,_.xn);_.Qdb.nb=_.xn.nb;_.Qdb.Ga=function(){return{}};_.Qdb.prototype.oa=function(a){return _.Xbb(a)};_.zn(_.Pdb,_.Qdb); source: chromecache_265.16.dr
Source:	Binary string: _.PDb=function(a,b,c){c=void 0===c?{}:c;var d=void 0===c.Es?!0:c.Es,e=void 0===c.preventScroll?!1:c.preventScroll;c=SDb(a);var f=SDb(a);_.oe(c.el(),"focus",function(){this.gzb(b,{Es:d,preventScroll:e})},a);_.oe(f.el(),"focus",function(){_.TDb(this,b,{Es:d,preventScroll:e})},a);b.children().first().before(c);b.append(f)}; source: chromecache_248.16.dr
Source:	Binary string: Wtk.prototype.wa=function(){var a=this;this.ka\|\|(this.ka=!0,this.j4b.ABa().then(function(){a.ka=!1;a.yj.reload()},function(){Xtk(a)}))};Wtk.prototype.oa=function(){var a=this;this.ka\|\|(this.ka=!0,Vtk(this.j4b).then(function(){a.ka=!1;a.yj.reload()},function(){Xtk(a)}))};var Xtk=function(a){a.PDb&&(a.PDb.setTimeout(3E4),a.PDb.show());a.ka=!1};_.J(Wtk.prototype,"XZ94se",function(){return this.oa});_.J(Wtk.prototype,"xoizsc",function(){return this.wa});_.J(Wtk.prototype,"i3viod",function(){return this.Aa}); source: chromecache_256.16.dr
Source:	Binary string: _.Pdb=_.C("aurFic"); source: chromecache_265.16.dr
Source:	Binary string: _.fcf=function(a){_.iu.call(this,a.Ka);this.ka=!1;this.container=new _.Vf([]);this.Ba=!1;this.Aa=[];this.wa=[];this.Ha=new _.ODb(null)};_.G(_.fcf,_.iu);_.fcf.nb=_.iu.nb;_.fcf.Ga=_.iu.Ga;_.fcf.prototype.isOpen=function(){return this.ka};_.fcf.prototype.open=function(a,b,c){c=void 0===c?!1:c;this.ka\|\|(this.Ha=new _.ODb(document.activeElement),this.Ja=_.oe(a.el(),_.QCb,this.Qa,this),this.container=a,gcf(this,a),c?_.PDb(this,a):_.ku(this,a,b),this.ka=this.Ba=!0)}; source: chromecache_248.16.dr

Source: Invoice INV-0003.pdf	Initial sample: PDF keyword /JS count = 0
Source: Invoice INV-0003.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Invoice INV-0003.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

ID:	1432212
Product:	CloudBasic
Start time:	17:30:22
Start date:	26.04.2024
Sample:	Invoice INV-0003.pdf
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	bb2c9ef5ae7baab6b4b2149e0b079506
SHA1:	8b8a386f503169e5cf84e68e30f7c94d64c8be21
SHA256:	ed8acf198b741d8f45bb39f078000262a73267414251948cb5b12da679ee3357
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Windows Analysis Report
Invoice INV-0003.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report Invoice INV-0003.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Invoice INV-0003.pdf